commit a76f89095c3fb33487d532af48fe33af7a3d4804 Author: dvirlabs Date: Sun May 11 00:34:55 2025 +0300 Add mail-services diff --git a/README.md b/README.md new file mode 100644 index 0000000..e69de29 diff --git a/argocd-apps/mailu.yaml b/argocd-apps/mailu.yaml new file mode 100644 index 0000000..b82c64c --- /dev/null +++ b/argocd-apps/mailu.yaml @@ -0,0 +1,21 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: mailu + namespace: argocd +spec: + project: mail-services + source: + repoURL: 'https://git.dvirlabs.com/dvirlabs/mail-services.git' + targetRevision: HEAD + path: charts/mailu + helm: + valueFiles: + - ../../manifests/mailu/values.yaml + destination: + server: https://kubernetes.default.svc + namespace: mail-services + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/charts/mailu/CHANGELOG.md b/charts/mailu/CHANGELOG.md new file mode 100644 index 0000000..a73527b --- /dev/null +++ b/charts/mailu/CHANGELOG.md @@ -0,0 +1,363 @@ +# Changelog + +## [2.1.2](https://github.com/Mailu/helm-charts/compare/mailu-2.1.1...mailu-2.1.2) (2024-12-22) + + +### Bug Fixes + +* Allow setting custom NodePorts for externalService ([#383](https://github.com/Mailu/helm-charts/issues/383)) ([0b1a9cd](https://github.com/Mailu/helm-charts/commit/0b1a9cda3448f2735460f2aa1c79b50a8f6d38c0)) +* Fix issue with redis subpath needing to be relative ([#376](https://github.com/Mailu/helm-charts/issues/376)) ([0fd99a6](https://github.com/Mailu/helm-charts/commit/0fd99a668bcb32f710bdbce729f38074895d8273)) + +## [2.1.1](https://github.com/Mailu/helm-charts/compare/mailu-2.1.0...mailu-2.1.1) (2024-08-20) + + +### Bug Fixes + +* bump mailu to 2024.06.6 ([#359](https://github.com/Mailu/helm-charts/issues/359)) ([cfc2b7b](https://github.com/Mailu/helm-charts/commit/cfc2b7bf2425ac6e05574da48ee13b29b0307d32)) +* bump mailu version to 2024.06.10 ([#365](https://github.com/Mailu/helm-charts/issues/365)) ([b10d394](https://github.com/Mailu/helm-charts/commit/b10d39463d033c47c82d8b3d1c53acac94c2d926)) + +## [2.1.0](https://github.com/Mailu/helm-charts/compare/mailu-2.0.0...mailu-2.1.0) (2024-07-28) + + +### Features + +* added Tika support ([#356](https://github.com/Mailu/helm-charts/issues/356)) ([34ef061](https://github.com/Mailu/helm-charts/commit/34ef061e9f2c3a906dc198b9fe430361f3a3554f)) +* enable API support ([#358](https://github.com/Mailu/helm-charts/issues/358)) ([0d313fa](https://github.com/Mailu/helm-charts/commit/0d313fa5f307f076d3389075d3dac189383895ad)) +* several fixes for Mailu 2024.06 support ([#354](https://github.com/Mailu/helm-charts/issues/354)) ([3fa16db](https://github.com/Mailu/helm-charts/commit/3fa16db195f3361388c4b9cee329c0e67970dc9a)) + +## [2.0.0](https://github.com/Mailu/helm-charts/compare/mailu-1.5.0...mailu-2.0.0) (2024-06-24) + + +### ⚠ BREAKING CHANGES + +* replace mailu clamav container with official container ([#350](https://github.com/Mailu/helm-charts/issues/350)) + +### Features + +* add extraContainers to helm chart in order to allow users to inject sidecar-containers to each component ([#344](https://github.com/Mailu/helm-charts/issues/344)) ([369a6cd](https://github.com/Mailu/helm-charts/commit/369a6cd3c17c9734d44e74857f96a77700228a40)) +* add the possibility to disable RSPAMD ([#337](https://github.com/Mailu/helm-charts/issues/337)) ([bb5a3ab](https://github.com/Mailu/helm-charts/commit/bb5a3ab6cb919f6334973430ad1175775f8ac829)) +* bump mailu version to 2024.06.3 ([#351](https://github.com/Mailu/helm-charts/issues/351)) ([d35ecce](https://github.com/Mailu/helm-charts/commit/d35ecce77e4c31d379fc9632e57d3db73b53eeb8)) +* replace mailu clamav container with official container ([#350](https://github.com/Mailu/helm-charts/issues/350)) ([b45bd55](https://github.com/Mailu/helm-charts/commit/b45bd55fe61013a14ff2576eda86ff956bf1055c)) + + +### Bug Fixes + +* remove duplicate 'get secrets' in notes ([#345](https://github.com/Mailu/helm-charts/issues/345)) ([1d3cec3](https://github.com/Mailu/helm-charts/commit/1d3cec3f72f372dd0e1116c54ab64557fcfb9f7e)) + +## [1.5.0](https://github.com/Mailu/helm-charts/compare/mailu-1.4.0...mailu-1.5.0) (2023-10-24) + + +### Features + +* add MAILU_HELM_CHART environment variable ([#312](https://github.com/Mailu/helm-charts/issues/312)) ([e26ffd7](https://github.com/Mailu/helm-charts/commit/e26ffd7c70a8788db93cb48cbf48d51a33a8eb8a)) +* bump mailu version to 2.0.30 ([#314](https://github.com/Mailu/helm-charts/issues/314)) ([4884ca4](https://github.com/Mailu/helm-charts/commit/4884ca4d0e030038f262d569b15bca550b404539)) + +## [1.4.0](https://github.com/Mailu/helm-charts/compare/mailu-1.3.0...mailu-1.4.0) (2023-08-29) + + +### Features + +* bump mailu version to 2.0.22 ([#296](https://github.com/Mailu/helm-charts/issues/296)) ([17d3b94](https://github.com/Mailu/helm-charts/commit/17d3b94558f795e0f7f43804f51e23285f8c8075)) + +## [1.3.0](https://github.com/Mailu/helm-charts/compare/mailu-1.2.0...mailu-1.3.0) (2023-08-24) + + +### Features + +* add securityContext and podSecurityContext options ([#263](https://github.com/Mailu/helm-charts/issues/263)) ([6f9e25b](https://github.com/Mailu/helm-charts/commit/6f9e25bba7c7f69e84af6f6cd13fb7648bb5fe0c)) +* dynamic shields ([0651568](https://github.com/Mailu/helm-charts/commit/065156800f661c522a7d89a2c77b107a5f859356)) +* upgrade mailu version to 2.0.20 ([#294](https://github.com/Mailu/helm-charts/issues/294)) ([d7fc85c](https://github.com/Mailu/helm-charts/commit/d7fc85cbc4b68a496a7f9ddc2fdc50d85fac4206)) + + +### Bug Fixes + +* fix postgresql initdb script ([#258](https://github.com/Mailu/helm-charts/issues/258)) ([04b803a](https://github.com/Mailu/helm-charts/commit/04b803a83e89f17a7fc247ebec0b4cd06fbbc73a)) +* fixed probes ([#289](https://github.com/Mailu/helm-charts/issues/289)) ([76c333c](https://github.com/Mailu/helm-charts/commit/76c333c7682536141262255754b74f1065609f17)) +* only include roudcube secrets if webmail.enabled is set to true ([#272](https://github.com/Mailu/helm-charts/issues/272)) ([5e652c0](https://github.com/Mailu/helm-charts/commit/5e652c0b2b5db10032320e7b9e805c711cc6853f)) +* readinessProbe.enabled has no effect ([b33d602](https://github.com/Mailu/helm-charts/commit/b33d60238aaf83fe322c1d100e3b9d4b2cae6ecd)) +* set default permanentSessionLifetime to 30 days instead of 30 hours ([180109f](https://github.com/Mailu/helm-charts/commit/180109f96ff3f9bea39890998a65ab501690cba8)) + +## [1.2.0](https://github.com/Mailu/helm-charts/compare/mailu-1.1.1...mailu-1.2.0) (2023-05-01) + + +### Features + +* Add proxyAuth section to values to configure PROXY_AUTH_* env vars ([04825ef](https://github.com/Mailu/helm-charts/commit/04825ef1457ae34e2b0471fefd04397df4ba4a01)) + + +### Bug Fixes + +* bumped Mailu version to 2.0.10 ([f70466c](https://github.com/Mailu/helm-charts/commit/f70466cde9d11891593d0ecb25b5b1d3bf69a11d)) +* fixed dovecot probes ([b1b0405](https://github.com/Mailu/helm-charts/commit/b1b0405681350a85464cf3d69c3bc28355f7d8c5)) +* fixed readme and generator ([98c21c7](https://github.com/Mailu/helm-charts/commit/98c21c79a68d0aef21c2022d2eb562e232456086)) + +## [1.1.1](https://github.com/Mailu/helm-charts/compare/mailu-1.1.0...mailu-1.1.1) (2023-04-19) + + +### Bug Fixes + +* [BUG] Helm error when deploying with webdav.enabled=true because of missing template [#232](https://github.com/Mailu/helm-charts/issues/232) ([91cd49e](https://github.com/Mailu/helm-charts/commit/91cd49e57166f1d64f2e667b96efe5ba1f01d7c1)) +* [BUG] postfix-overrides ConfigMap will never render [#234](https://github.com/Mailu/helm-charts/issues/234) ([bc73acc](https://github.com/Mailu/helm-charts/commit/bc73acca4f24d162716c73fad6833ffb7dbf9f02)) +* fixed encoding of relayuser and relaypassword ([0209240](https://github.com/Mailu/helm-charts/commit/02092404f1d060699fff81554b54872bcfbb6479)) +* fixed typo in fetchmail deployment ([baca17a](https://github.com/Mailu/helm-charts/commit/baca17a2c12019a8504f3a72b17809690c2d79fc)) +* fixed typo when external service set to NodePort ([741a90d](https://github.com/Mailu/helm-charts/commit/741a90daf10d45f181e253f06c863919b00e9dc3)) + +## [1.1.0](https://github.com/Mailu/helm-charts/compare/mailu-1.0.1...mailu-1.1.0) (2023-04-13) + + +### Features + +* Add support for TLS settings ([07fad3a](https://github.com/Mailu/helm-charts/commit/07fad3a81bb823ca979afdc1dca0d4944d4e7775)) +* Added oletools component ([0a4f95f](https://github.com/Mailu/helm-charts/commit/0a4f95f3d0d42a5a42b9d3db612ff6afb2a62628)) +* Added support for WILDCARD_SENDERS ([f72db8d](https://github.com/Mailu/helm-charts/commit/f72db8d78dd0de4d77ad8085dfafe5de0f38cab8)) + + +### Bug Fixes + +* Fixed sieve support ([91792ff](https://github.com/Mailu/helm-charts/commit/91792ffbc0811d1c0252603c53c17d1e25d646a6)) +* Restrict web ports to ingress-nginx when network policies are enabled ([e21cc8b](https://github.com/Mailu/helm-charts/commit/e21cc8bcdecfcba509bfaea01609858393a2730e)) + +## [1.0.1](https://github.com/Mailu/helm-charts/compare/mailu-1.0.0...mailu-1.0.1) (2023-04-13) + + +### Bug Fixes + +* Fixed Dovecot probes ([41f3497](https://github.com/Mailu/helm-charts/commit/41f349766e5c7a4084befd0b2b62a6c3081f5e6b)) + +## [1.0.0](https://github.com/Mailu/helm-charts/compare/mailu-1.0.0-beta.32...mailu-1.0.0) (2023-04-12) + + +### Miscellaneous Chores + +* Release 1.0.0 ([db41cf5](https://github.com/Mailu/helm-charts/commit/db41cf50d6567177aa13e2ff43320c8df733e8e0)) + +## [1.0.0-beta.32](https://github.com/Mailu/helm-charts/compare/mailu-1.0.0-beta.31...mailu-1.0.0-beta.32) (2023-04-12) + + +### Miscellaneous Chores + +* release 1.0.0-beta.32 ([b31d9f4](https://github.com/Mailu/helm-charts/commit/b31d9f4bbdd8d7ff161e3fadd689798e91437fd7)) + +## [1.0.0-beta.31](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.30...mailu-1.0.0-beta.31) (2023-04-07) + + +### Bug Fixes + +* cleaned env vars for addresses ([11eeea0](https://github.com/fastlorenzo/helm-charts-1/commit/11eeea0738cd56ef881acfa1f0dfe850733ebce3)) +* cleaned env vars for addresses ([#65](https://github.com/fastlorenzo/helm-charts-1/issues/65)) ([1768f6a](https://github.com/fastlorenzo/helm-charts-1/commit/1768f6abf94a61e7379202f4815f8c775cf1774d)) +* Fixed env var for antispam ([c180724](https://github.com/fastlorenzo/helm-charts-1/commit/c18072403f204c68aa2766c29f44255f0aa310a3)) +* Fixed env var for antispam ([#63](https://github.com/fastlorenzo/helm-charts-1/issues/63)) ([00e62e6](https://github.com/fastlorenzo/helm-charts-1/commit/00e62e65011ffe748061fcc1ef126cc9d88678e9)) + + +### Miscellaneous Chores + +* release 1.0.0-beta.31 ([87fa8e8](https://github.com/fastlorenzo/helm-charts-1/commit/87fa8e8b96fca5cbaf0cef08d094ba3f51dd4233)) + +## [1.0.0-beta.30](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.29...mailu-1.0.0-beta.30) (2023-04-07) + + +### Miscellaneous Chores + +* release 1.0.0-beta.30 ([0e7c8af](https://github.com/fastlorenzo/helm-charts-1/commit/0e7c8af3d49fdd874a31d82a19db910197ed77ad)) + +## [1.0.0-beta.29](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.28...mailu-1.0.0-beta.29) (2023-03-17) + + +### Bug Fixes + +* add missing container registry for admin ([1cb6a88](https://github.com/fastlorenzo/helm-charts-1/commit/1cb6a887518e115761ea0260b675969e60ea3ba1)) +* Add missing container registry for admin ([a051d71](https://github.com/fastlorenzo/helm-charts-1/commit/a051d7196ee3cebbf7175395eb65374cea877cb0)) +* Add missing container registry for admin ([a051d71](https://github.com/fastlorenzo/helm-charts-1/commit/a051d7196ee3cebbf7175395eb65374cea877cb0)) + + +### Miscellaneous Chores + +* release 1.0.0-beta.29 ([4892a2a](https://github.com/fastlorenzo/helm-charts-1/commit/4892a2a5757697d5ffc47bd2e6590f65fdad4898)) + +## [1.0.0-beta.28](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.27...mailu-1.0.0-beta.28) (2023-03-17) + + +### Bug Fixes + +* migrate container registry to ghcr.io ([77ad28a](https://github.com/fastlorenzo/helm-charts-1/commit/77ad28a41c9e956fd538f949bab0d36dcd1d9237)) +* Unset default value for realIpFrom ([#53](https://github.com/fastlorenzo/helm-charts-1/issues/53)) ([1d1aa9a](https://github.com/fastlorenzo/helm-charts-1/commit/1d1aa9ac6a2ffbd3729cca8d44e431554b468f57)) +* Updated documentation ([#55](https://github.com/fastlorenzo/helm-charts-1/issues/55)) ([7c52126](https://github.com/fastlorenzo/helm-charts-1/commit/7c521269611c22bad2070b67544e2a6bc162b647)) + + +### Miscellaneous Chores + +* release 1.0.0-beta.28 ([dff244e](https://github.com/fastlorenzo/helm-charts-1/commit/dff244e2cd61a01fa1de4b11d101f7c3db67b4b9)) + +## [1.0.0-beta.27](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.26...mailu-1.0.0-beta.27) (2022-12-14) + + +### Features + +* Refactor env vars ([#50](https://github.com/fastlorenzo/helm-charts-1/issues/50)) ([07feb7a](https://github.com/fastlorenzo/helm-charts-1/commit/07feb7a2c07e3127bac8f90fe5a283adb35817bb)) + + +### Miscellaneous Chores + +* release 1.0.0-beta.27 ([607c463](https://github.com/fastlorenzo/helm-charts-1/commit/607c463f0a01b865bc8189d7ad6360e71c99e2cb)) + +## [1.0.0-beta.26](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.25...mailu-1.0.0-beta.26) (2022-12-11) + + +### Bug Fixes + +* Added extra volumes for all pods ([#48](https://github.com/fastlorenzo/helm-charts-1/issues/48)) ([a466bb0](https://github.com/fastlorenzo/helm-charts-1/commit/a466bb005d6e3ce054edc0ea4b976b0dd89297bf)) + + +### Miscellaneous Chores + +* release 1.0.0-beta.26 ([50b5a28](https://github.com/fastlorenzo/helm-charts-1/commit/50b5a287b581f7ac7fa91c988b947fbbe2358856)) + +## [1.0.0-beta.25](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.24...mailu-1.0.0-beta.25) (2022-12-08) + + +### Features + +* add support for network policy ([8fd3c6c](https://github.com/fastlorenzo/helm-charts-1/commit/8fd3c6c527a692983e54c82511c6e77fc9150df4)) +* add support for network policy ([7e42d15](https://github.com/fastlorenzo/helm-charts-1/commit/7e42d15df88d43213e672235e366edbfb53532c6)) +* add support for network policy ([#46](https://github.com/fastlorenzo/helm-charts-1/issues/46)) ([e42623b](https://github.com/fastlorenzo/helm-charts-1/commit/e42623b11b3bdde6c7c3678d5a1450e0af18e76d)) + + +### Bug Fixes + +* add compatibility with latest Mailu master branch ([#44](https://github.com/fastlorenzo/helm-charts-1/issues/44)) ([25eb5e5](https://github.com/fastlorenzo/helm-charts-1/commit/25eb5e5130a66457400cdffacffde93649af6e63)) +* fixed compatibility with Mailu master ([1a66cb5](https://github.com/fastlorenzo/helm-charts-1/commit/1a66cb545a5c47359069e1e6cf78a0556567b877)) + + +### Miscellaneous Chores + +* release 1.0.0-beta.25 ([cd96738](https://github.com/fastlorenzo/helm-charts-1/commit/cd96738b188af220758f3fa436dd8ae32a3e6655)) +* release 1.0.0-beta.25 ([6129948](https://github.com/fastlorenzo/helm-charts-1/commit/61299485da7eac6456248baa24400c3e35ead737)) + +## [1.0.0-beta.24](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.23...mailu-1.0.0-beta.24) (2022-11-22) + + +### Features + +* Add Rspamd overrides [#38](https://github.com/fastlorenzo/helm-charts-1/issues/38) ([7c25309](https://github.com/fastlorenzo/helm-charts-1/commit/7c25309841252793199b650ce00cda1287daa755)) + + +### Bug Fixes + +* Fix postfix override settings ([6852d19](https://github.com/fastlorenzo/helm-charts-1/commit/6852d1924178260703f0b780358b24abf7bf1bf4)) +* Fixed usage of existingSecret for TLS (fixes [#37](https://github.com/fastlorenzo/helm-charts-1/issues/37)) ([cbb84c7](https://github.com/fastlorenzo/helm-charts-1/commit/cbb84c78d99edb61102b21a0822f236f5f7f6b36)) + + +### Miscellaneous Chores + +* release 1.0.0-beta.24 ([b54e6e8](https://github.com/fastlorenzo/helm-charts-1/commit/b54e6e8b31d858134255d74526791c09a4e26fb5)) + +## [1.0.0-beta.23](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.22...mailu-1.0.0-beta.23) (2022-11-18) + + +### Bug Fixes + +* fixed missing check when using existing claim ([#34](https://github.com/fastlorenzo/helm-charts-1/issues/34)) ([8f36df0](https://github.com/fastlorenzo/helm-charts-1/commit/8f36df0ff0a7cbec6be444e58c21421009acfd4e)) + + +### Miscellaneous Chores + +* release 1.0.0-beta.23 ([a6a86e1](https://github.com/fastlorenzo/helm-charts-1/commit/a6a86e1d7bf729c6e4e92676f6369b2922b87fd0)) + +## [1.0.0-beta.22](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.21...mailu-1.0.0-beta.22) (2022-11-09) + + +### Miscellaneous Chores + +* release 1.0.0-beta.22 ([9e996a2](https://github.com/fastlorenzo/helm-charts-1/commit/9e996a20f654a90c6d65a30f8b86e2044b5c92e4)) + +## [1.0.0-beta.21](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.20...mailu-1.0.0-beta.21) (2022-11-09) + + +### Bug Fixes + +* Fixed typo in nodePort param ([cd29882](https://github.com/fastlorenzo/helm-charts-1/commit/cd298824d73079b0dae7deecf265b0fa4780c8e5)) +* Fixed typo in nodePort param ([#29](https://github.com/fastlorenzo/helm-charts-1/issues/29)) ([bc159d0](https://github.com/fastlorenzo/helm-charts-1/commit/bc159d029d211d62a5730a7dbb4b179091824743)) + + +### Miscellaneous Chores + +* release 1.0.0-beta.21 ([87b2041](https://github.com/fastlorenzo/helm-charts-1/commit/87b2041bbba6e124119c196cca24d9b83f8bd805)) + +## [1.0.0-beta.20](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.19...mailu-1.0.0-beta.20) (2022-11-09) + + +### Bug Fixes + +* fixed typo in external service ([0ec88b1](https://github.com/fastlorenzo/helm-charts-1/commit/0ec88b18a6cdbce99d37e065cd7bd472a82013f9)) +* fixed typo in external service ([#27](https://github.com/fastlorenzo/helm-charts-1/issues/27)) ([a2efb99](https://github.com/fastlorenzo/helm-charts-1/commit/a2efb9955838ea4f1399238e5dabfe3956c79700)) + + +### Miscellaneous Chores + +* release 1.0.0-beta.20 ([69697aa](https://github.com/fastlorenzo/helm-charts-1/commit/69697aaa79c4a8b9662a71d7d5ed29060fafdf2a)) + +## [1.0.0-beta.19](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.18...mailu-1.0.0-beta.19) (2022-11-09) + + +### Features + +* Added support for NodePort for front External Service ([551c9ae](https://github.com/fastlorenzo/helm-charts-1/commit/551c9ae0d791acb67f6a31af7d9d409fe2c07cf6)) +* Added support for NodePort for front External Service ([#25](https://github.com/fastlorenzo/helm-charts-1/issues/25)) ([b9a1b84](https://github.com/fastlorenzo/helm-charts-1/commit/b9a1b8446a1452d3c54d4ecf828d8fa7adf1f851)) + + +### Miscellaneous Chores + +* release 1.0.0-beta.19 ([f3d223c](https://github.com/fastlorenzo/helm-charts-1/commit/f3d223c565eff6aa7ec0821ce38e3f2c536f75eb)) + +## [1.0.0-beta.18](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.17...mailu-1.0.0-beta.18) (2022-11-08) + + +### Features + +* added support for redis external database ([88c1b0d](https://github.com/fastlorenzo/helm-charts-1/commit/88c1b0da26a94de6b31a98fad707d897c5f095cb)) +* added support for redis external database ([#23](https://github.com/fastlorenzo/helm-charts-1/issues/23)) ([7096a13](https://github.com/fastlorenzo/helm-charts-1/commit/7096a134f4f4008436075811807808a4b74dd2ce)) + + +### Bug Fixes + +* updated helm dependency ([c776220](https://github.com/fastlorenzo/helm-charts-1/commit/c77622074e7314301d58a02efa00c5d3928772c5)) + + +### Miscellaneous Chores + +* release 1.0.0-beta.18 ([9065a20](https://github.com/fastlorenzo/helm-charts-1/commit/9065a202fe89ea2ac35f07291a973301c4b35f63)) + +## [1.0.0-beta.17](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.16...mailu-1.0.0-beta.17) (2022-11-08) + + +### Miscellaneous Chores + +* release 1.0.0-beta.17 ([14c48ee](https://github.com/fastlorenzo/helm-charts-1/commit/14c48ee3ea651d0c7a1fc6896bb5a06408250d55)) + +## [1.0.0-beta.16](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.15...mailu-1.0.0-beta.16) (2022-11-08) + + +### Miscellaneous Chores + +* release 1.0.0-beta.16 ([3752e90](https://github.com/fastlorenzo/helm-charts-1/commit/3752e90a310cb1ac1c4bbd7007d868e2618ebb2f)) + +## [1.0.0-beta.15](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.14...mailu-1.0.0-beta.15) (2022-11-08) + + +### Bug Fixes + +* fixed syntax ([fb13f1e](https://github.com/fastlorenzo/helm-charts-1/commit/fb13f1eebf01aa98baf177efa74af6d69df028f1)) + + +### Miscellaneous Chores + +* release 1.0.0-beta.15 ([24493f6](https://github.com/fastlorenzo/helm-charts-1/commit/24493f6bea127e2b474b5449a525e375079dc147)) + +## [1.0.0-beta.14](https://github.com/fastlorenzo/helm-charts-1/compare/mailu-1.0.0-beta.13...mailu-1.0.0-beta.14) (2022-11-08) + + +### Bug Fixes + +* Added keyword for roundcube ([4bf6ba9](https://github.com/fastlorenzo/helm-charts-1/commit/4bf6ba9d8e116d0da959e9df79230454fe3d6e12)) +* changed debug mode to WARNING in CI values ([7e84c2a](https://github.com/fastlorenzo/helm-charts-1/commit/7e84c2ac3a72ce84b94ed8addafb9dcce9db02ba)) +* force release ([8ed1e96](https://github.com/fastlorenzo/helm-charts-1/commit/8ed1e9638e38f76521473a965b91e1f954400eb4)) diff --git a/charts/mailu/Chart.lock b/charts/mailu/Chart.lock new file mode 100644 index 0000000..d0c2332 --- /dev/null +++ b/charts/mailu/Chart.lock @@ -0,0 +1,15 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 2.8.0 +- name: redis + repository: https://charts.bitnami.com/bitnami + version: 17.15.2 +- name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 11.9.13 +- name: mariadb + repository: https://charts.bitnami.com/bitnami + version: 12.2.9 +digest: sha256:418939e4cffeabd09d5a87f643f1fc87b43f23b00a9139d36646fcb11ebf4c17 +generated: "2023-08-14T00:40:16.960741779+02:00" diff --git a/charts/mailu/Chart.yaml b/charts/mailu/Chart.yaml new file mode 100644 index 0000000..8621f45 --- /dev/null +++ b/charts/mailu/Chart.yaml @@ -0,0 +1,41 @@ +apiVersion: v2 +appVersion: 2024.06.10 +version: 2.1.2 +name: mailu +description: This chart installs the Mailu mail system on kubernetes +home: https://mailu.io +sources: + - https://github.com/Mailu/helm-charts/ +icon: https://mailu.io/master/_images/logo.png +keywords: + - mailu + - mail + - email + - smtp + - imap + - pop3 + - webmail + - postfix + - dovecot + - roundcube +maintainers: + - name: Mailu + url: https://mailu.io +dependencies: + - name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 2.8.0 + - condition: redis.enabled + name: redis + version: 17.15.* + repository: https://charts.bitnami.com/bitnami + - condition: postgresql.enabled + name: postgresql + version: 11.9.* + repository: https://charts.bitnami.com/bitnami + - condition: mariadb.enabled + name: mariadb + version: 12.2.* + repository: https://charts.bitnami.com/bitnami diff --git a/charts/mailu/MIGRATION_GUIDE.md b/charts/mailu/MIGRATION_GUIDE.md new file mode 100644 index 0000000..d87f8d4 --- /dev/null +++ b/charts/mailu/MIGRATION_GUIDE.md @@ -0,0 +1,64 @@ +# Migration guide + +Version `1.0.0` is a major release of Mailu Helm Chart. It is not compatible with previous versions. +This guide will help you migrate your data from a previous version to `1.0.0`. + +**We strongly recommend to backup your data before migrating. We will not be responsible in case of any loss of data.** + +## Migration steps + +1. Backup your data +2. Create a new `values.yaml` file (we recommend to create a new one from scratch) +3. Uninstall the previous version of the chart +4. Install the new version of the chart +5. Restore your data + +In-place upgrade could be possible but is not supported. +If you want to perform an in-place upgrade and you are using the built-in MySQL database, you will need to migrate your data manually and backup your existing data **before** attempting the upgrade. +You will also need to manually delete the existing `Ingress`, as well as all existing `Deployment` resources. + +**Running the upgrade will remove the existing MySQL deployment and data!** + +## Breaking changes + +- The embedded MySQL database has been removed from this chart. + This chart can now deploy MariaDB or Postgresql database using the Bitnami charts. + An external database can also be configured. +- The embedded Redis installation has been removed from this chart. + This chart will now deploy Redis using the Bitnami charts. +- Several configuration keys have been renamed, please see more in the [Values mapping](#values-mapping) section. + +## Values mapping + +| Old configuration key | New configuration key | Comments | +| --------------------------------------- | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | +| `database.type` | `-` | Removed. Use `postgresql.enabled` or `mariadb.enabled` instead. | +| `database.roundcubeType` | `-` | Removed. Use `postgresql.enabled` or `mariadb.enabled` instead. | +| `database.mysql.roundcubeDatabase` | `global.database.roundcube.database` | | +| `database.mysql.roundcubePassword` | `global.database.roundcube.password` | Ignored if using `global.database.roundcube.existingSecret` | +| `database.mysql.roundcubeUser` | `global.database.roundcube.username` | | +| `database.mysql.rootPassword` | `mariadb.auth.rootPassword` | Check [Bitnami MariaDB](https://artifacthub.io/packages/helm/bitnami/mariadb) for more configuration options. | +| `database.mysql.database` | `mariadb.auth.database` | Check [Bitnami MariaDB](https://artifacthub.io/packages/helm/bitnami/mariadb) for more configuration options. | +| `database.mysql.user` | `mariadb.auth.username` | Check [Bitnami MariaDB](https://artifacthub.io/packages/helm/bitnami/mariadb) for more configuration options. | +| `database.mysql.password` | `mariadb.auth.password` | Check [Bitnami MariaDB](https://artifacthub.io/packages/helm/bitnami/mariadb) for more configuration options. | +| `database.postgresql.roundcubeDatabase` | `global.database.roundcube.database` | | +| `database.postgresql.roundcubePassword` | `global.database.roundcube.password` | Ignored if using `global.database.roundcube.existingSecret` | +| `database.postgresql.roundcubeUser` | `global.database.roundcube.username` | | +| `-` | `postgresql.auth.postgresPassword` | Check [Bitnami Postgresql](https://artifacthub.io/packages/helm/bitnami/postgresql) for more configuration options. | +| `database.postgresql.database` | `postgresql.auth.database` | Check [Bitnami Postgresql](https://artifacthub.io/packages/helm/bitnami/postgresql) for more configuration options. | +| `database.postgresql.user` | `postgresql.auth.username` | Check [Bitnami Postgresql](https://artifacthub.io/packages/helm/bitnami/postgresql) for more configuration options. | +| `database.postgresql.password` | `postgresql.auth.password` | Check [Bitnami Postgresql](https://artifacthub.io/packages/helm/bitnami/postgresql) for more configuration options. | +| `mail.messageSizeLimitInMegabytes` | `limits.messageSizeLimitInMegabytes` | | +| `mail.authRatelimit` | `limits.authRatelimit.ip` | Additional limits available, please see `values.yaml` file for more options. | +| `front.externalService.pop3.pop3` | `front.externalService.services.pop3` | | +| `front.externalService.pop3.pop3s` | `front.externalService.services.pop3s` | | +| `front.externalService.imap.imap` | `front.externalService.services.imap` | | +| `front.externalService.imap.imaps` | `front.externalService.services.imaps` | | +| `front.externalService.smtp.smtp` | `front.externalService.services.smtp` | | +| `front.externalService.smtp.smtps` | `front.externalService.services.smtps` | | +| `front.externalService.smtp.submission` | `front.externalService.services.submission` | | +| `front.controller.kind` | `-` | Removed for now, using `Deployment` kind. To be addressed at a later stage. | +| `certmanager.*` | `-` | Removed. Configure using annotations on `ingress.annotations` to generate a valid certificate instead. | +| `ingress.tlsFlavor` | `ingress.tlsFlavorOverride` | | +| `ingress.externalIngress` | `ingress.enabled` | | +| `roundcube.*` | `webmail.*` | `roundcube` has been renamed to `webmail` | diff --git a/charts/mailu/README.md b/charts/mailu/README.md new file mode 100644 index 0000000..9817e96 --- /dev/null +++ b/charts/mailu/README.md @@ -0,0 +1,1246 @@ +# mailu + +![Version](https://img.shields.io/badge/dynamic/yaml?url=https%3A%2F%2Fmailu.github.io%2Fhelm-charts%2Findex.yaml&query=%24.entries.mailu%5B%3A1%5D.version&style=flat-square&label=Version) ![AppVersion](https://img.shields.io/badge/dynamic/yaml?url=https%3A%2F%2Fmailu.github.io%2Fhelm-charts%2Findex.yaml&query=%24.entries.mailu%5B%3A1%5D.appVersion&style=flat-square&label=AppVersion) + +This chart installs the Mailu mail system on kubernetes + +**Homepage:** + +## Compatibility + +| Chart Version | Mailu Version | +| ------------------- | ------------- | +| 0.0.x, 0.1.x, 0.2.x | 1.8 | +| 0.3.x | 1.9.x | +| 1.x.x | 2.x | +| 2.x.x | >= 2024.06 | + +Active development of this chart is only for the latest supported Mailu version. +Branches exists for older mailu versions (e.g. old/mailu-1.8). + +## Prerequisites + +- ⚠️Starting with version 1.9, you need a validating DNSSEC compatible resolver in order to run Mailu. +- a working HTTP/HTTPS ingress controller such as nginx or traefik +- cert-manager v0.12 or higher installed and configured (including a working cert issuer). Otherwise you will need to handle it by yourself and provide the secret to Mailu. +- A node which has a public reachable IP, static address because mail service binds directly to the node's IP +- A hosting service that allows inbound and outbound traffic on port 25. +- Helm 3 (helm 2 support is dropped with release 0.3.0). + +| Repository | Name | Version | +| ---------------------------------- | ---------- | ------- | +| https://charts.bitnami.com/bitnami | common | 2.0.3 | +| https://charts.bitnami.com/bitnami | mariadb | 11.3.\* | +| https://charts.bitnami.com/bitnami | postgresql | 11.9.\* | +| https://charts.bitnami.com/bitnami | redis | 17.3.\* | + +### Warning about open relays + +One of the biggest mistakes when running a mail server is a so called "Open Relay". This kind of misconfiguration is in most cases caused by a badly configured +load balancer which hides the originating IP address of an email which makes Mailu think, the email comes from an internal address and ommits authentification and other checks. In the result, your mail server can be abused to spread spam and will get blacklisted within hours. + +It is very important that you check your setup for open relay at least: + +- after installation +- at any time you change network settings or load balancer configuration + +The check is quite simple: + +- watch the logs for the "mailu-front" POD +- browse to an open relay checker like +- enter the hostname or IP address of your mail server and start the test + +In the logs, you should see some message like + +```bash +2021/10/26 21:23:25 [info] 12#12: *25691 client 18.205.72.90:56741 connected to 0.0.0.0:25 +``` + +It is very important that the IP address shown here is an external public IP address, not an internal like 10.x.x.x, 192.168.x.x or 172.x.x.x. + +Also verify that the result of the check confirms that there is no open relay: + +```bash +SMTP Open Relay OK - Not an open relay. +``` + +### Warning, this will not work on most cloud providers + +- Google cloud does not allow outgoing connections to connect to port 25. You will not be able to send + mails with mailu on google cloud () +- Many cloud providers don't allow to assign fixed IPs directly to nodes. They use proxies or load balancers instead. While + this works well with HTTP/HTTPs, on raw TCP connections (such as mail protocol connections) the originating IP get's lost. + There's a so called "proxy protocol" as a solution for this limitation but that's not yet supported by mailu (due the lack of + support in the nginx mail modules). Without the original IP information, a mail server will not work properly, or worse, will be + an open relay. +- If you'd like to run mailu on kubernetes, consider to rent a cheap VPS and run kuberneres on it (e.g. using rancher2). A good option is to + use hetzner cloud VPS (author's personal opinion). +- Please don't open issues in the bug tracker if your mail server is not working because your cloud provider blocks port 25 or hides + source ip addresses behind a load balancer. + +## Installation + +- Add the repository via: + +```bash +helm repo add mailu https://mailu.github.io/helm-charts/ +``` + +- create a local values file: + +```bash +helm show values mailu/mailu > my-values-file.yaml +``` + +Edit the `my-values-file.yaml` to reflect your environment. + +- deploy the helm-chart with: + +```bash +helm install mailu mailu/mailu -n mailu-mailserver --values my-values-file.yaml +``` + +- Uninstall the helm-chart with: + +```bash +helm uninstall mailu --namespace=mailu-mailserver +``` + +Check that the deployed pods are all running. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ----------------------------------------------------- | --------------------------------------------------------------------------------- | ----------- | +| `global.imageRegistry` | Global container image registry | `""` | +| `global.imagePullSecrets` | Global container image pull secret | `[]` | +| `global.storageClass` | Global storageClass to use for persistent volumes | `""` | +| `global.database.roundcube.database` | Name of the roundcube database | `roundcube` | +| `global.database.roundcube.username` | Username to use for the roundcube database | `roundcube` | +| `global.database.roundcube.password` | Password to use for the roundcube database | `""` | +| `global.database.roundcube.existingSecret` | Name of an existing secret to use for the roundcube database | `""` | +| `global.database.roundcube.existingSecretPasswordKey` | Name of the key in the existing secret to use for the roundcube database password | `""` | + +### Common parameters + +| Name | Description | Value | +| ------------------- | ------------------------------------------------------------------------------------ | --------- | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `nameOverride` | String to partially override mailu.fullname include (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override mailu.fullname template | `""` | +| `commonLabels` | Add labels to all the deployed resources | `{}` | +| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `imageRegistry` | Container registry to use for all Mailu images | `ghcr.io` | + +### Mailu parameters + +| Name | Description | Value | +| --------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | +| `hostnames` | List of hostnames to generate certificates and ingresses for. The first will be used as primary mail hostname. | `[]` | +| `domain` | Mail domain name. See https://github.com/Mailu/Mailu/blob/master/docs/faq.rst#what-is-the-difference-between-domain-and-hostnames | `""` | +| `secretKey` | The secret key is required for protecting authentication cookies and must be set individually for each deployment | `""` | +| `existingSecret` | Name of the existing secret to retrieve the secretKey. | `""` | +| `timezone` | Timezone to use for the containers | `Etc/UTC` | +| `initialAccount.enabled` | Enable the creation of the initial account | `false` | +| `initialAccount.username` | Username of the initial account | `""` | +| `initialAccount.domain` | Domain of the initial account | `""` | +| `initialAccount.password` | Password of the initial account; ignored if using existing secret; if empty, a random password will be generated and saved in a secret | `""` | +| `initialAccount.existingSecret` | Name of the existing secret to retrieve the initial account's password | `""` | +| `initialAccount.existingSecretPasswordKey` | Name of the key in the existing secret to use for the initial account's password | `""` | +| `initialAccount.mode` | How to treat the creationg of the initial account. Possible values: "create", "update" or "ifmissing" | `update` | +| `api.enabled` | Enable the API interface | `false` | +| `api.token` | Token to use for the API interface - if empty, a random token will be generated and saved in a secret | `""` | +| `api.existingSecret` | Name of the existing secret to retrieve the API token - if set, the token will be ignored | `""` | +| `api.existingSecretTokenKey` | Name of the key in the existing secret to use for the API token | `api-token` | +| `api.webPath` | Path for the API interface | `/api` | +| `subnet` | Change this if you're using different address ranges for pods (IPv4) | `10.42.0.0/16` | +| `subnet6` | Change this if you're using different address ranges for pods (IPv6) | `""` | +| `networkPolicy.enabled` | Enable network policy | `false` | +| `networkPolicy.ingressController.namespace` | Namespace where the ingress controller is deployed | `ingress-nginx` | +| `networkPolicy.ingressController.podSelector` | Selector for the ingress controller pods | `matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller +` | +| `mailuVersion` | Override Mailu version to be deployed (tag of mailu images). Defaults to `Chart.AppVersion` - must be master or a version >= 2.0 | `""` | +| `logLevel` | default log level. can be overridden globally or per service | `WARNING` | +| `postmaster` | local part of the postmaster email address (Mailu will use @$DOMAIN as domain part) | `postmaster` | +| `recipientDelimiter` | The delimiter used to separate local part from extension in recipient addresses | `+` | +| `dmarc.rua` | Local part of the DMARC report email address (Mailu will use @$DOMAIN as domain part) | `""` | +| `dmarc.ruf` | Local part of the DMARC failure report email address (Mailu will use @$DOMAIN as domain part) | `""` | +| `limits.messageSizeLimitInMegabytes` | Maximum size of an email in megabytes | `50` | +| `limits.authRatelimit.ip` | Sets the `AUTH_RATELIMIT_IP` environment variable in the `admin` pod | `60/hour` | +| `limits.authRatelimit.ipv4Mask` | Sets the `AUTH_RATELIMIT_IP_V4_MASK` environment variable in the `admin` pod | `24` | +| `limits.authRatelimit.ipv6Mask` | Sets the `AUTH_RATELIMIT_IP_V6_MASK` environment variable in the `admin` pod | `56` | +| `limits.authRatelimit.user` | Sets the `AUTH_RATELIMIT_USER` environment variable in the `admin` pod | `100/day` | +| `limits.authRatelimit.exemptionLength` | Sets the `AUTH_RATELIMIT_EXEMPTION_LENGTH` environment variable in the `admin` pod | `86400` | +| `limits.authRatelimit.exemption` | Sets the `AUTH_RATELIMIT_EXEMPTION` environment variable in the `admin` pod | `""` | +| `limits.messageRatelimit.value` | Sets the `MESSAGE_RATELIMIT` environment variable in the `admin` pod | `200/day` | +| `limits.messageRatelimit.exemption` | Sets the `MESSAGE_RATELIMIT_EXEMPTION` environment variable in the `admin` pod | `""` | +| `externalRelay.host` | Hostname of the external relay | `""` | +| `externalRelay.username` | Username for the external relay | `""` | +| `externalRelay.password` | Password for the external relay | `""` | +| `externalRelay.existingSecret` | Name of the secret containing the username and password for the external relay; if set, username and password will be ignored | `""` | +| `externalRelay.usernameKey` | Key in the secret containing the username for the external relay | `relay-username` | +| `externalRelay.passwordKey` | Key in the secret containing the password for the external relay | `relay-password` | +| `externalRelay.networks` | List of networks that are allowed to use Mailu as external relay | `[]` | +| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | +| `credentialRounds` | Number of rounds to use for password hashing | `12` | +| `sessionCookieSecure` | Controls the secure flag on the cookies of the administrative interface. | `true` | +| `authRequireTokens` | Require tokens for authentication | `false` | +| `sessionTimeout` | Maximum amount of time in seconds between requests before a session is invalidated | `3600` | +| `permanentSessionLifetime` | Maximum amount of time in seconds a session can be kept alive for if it hasn’t timed-out | `2592000` | +| `letsencryptShortchain` | Controls whether we send the ISRG Root X1 certificate in TLS handshakes. | `false` | +| `customization.siteName` | Website name | `Mailu` | +| `customization.website` | URL of the website | `https://mailu.io` | +| `customization.logoUrl` | Sets a URL for a custom logo. This logo replaces the Mailu logo in the topleft of the main admin interface. | `""` | +| `customization.logoBackground` | Sets a custom background colour for the brand logo in the top left of the main admin interface. | `""` | +| `welcomeMessage.enabled` | Enable welcome message | `true` | +| `welcomeMessage.subject` | Subject of the welcome message | `Welcome to Mailu` | +| `welcomeMessage.body` | Body of the welcome message | `Welcome to Mailu, your new email service. Please change your password and update your profile.` | +| `wildcardSenders` | List of user emails that can send emails from any address | `[]` | +| `tls.outboundLevel` | Sets the `OUTBOUND_TLS_LEVEL` environment variable | `""` | +| `tls.deferOnError` | Sets the `DEFER_ON_TLS_ERROR` environment variable | `""` | +| `tls.inboundEnforce` | Sets the `INBOUND_TLS_ENFORCE` environment variable | `""` | + +### Storage parameters + +| Name | Description | Value | +| --------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| `externalDatabase.enabled` | Set to true to use an external database | `false` | +| `externalDatabase.type` | Type of the external database for mailu and roundcube (`mysql`/`postgresql`) | `""` | +| `externalDatabase.host` | Hostname of the database | `""` | +| `externalDatabase.port` | Port of the database | `3306` | +| `externalDatabase.database` | Name of the database | `mailu` | +| `externalDatabase.username` | Username to use for the database | `mailu` | +| `externalDatabase.password` | Password to use for the database | `""` | +| `externalDatabase.existingSecret` | Name of the secret containing the database credentials | `""` | +| `externalDatabase.existingSecretDatabaseKey` | Key in the secret containing the database name | `database` | +| `externalDatabase.existingSecretUsernameKey` | Key in the secret containing the database username | `username` | +| `externalDatabase.existingSecretPasswordKey` | Key in the secret containing the database password | `password` | +| `externalRedis.enabled` | Set to true to use an external Redis instance (ignored if `redis.enabled` is true) | `false` | +| `externalRedis.host` | Hostname of the external Redis instance | `""` | +| `externalRedis.port` | Port of the external Redis instance | `6379` | +| `externalRedis.adminQuotaDbId` | Redis database ID for the quota storage on the admin pod | `1` | +| `externalRedis.adminRateLimitDbId` | Redis database ID for the rate limit storage on the admin pod | `2` | +| `externalRedis.rspamdDbId` | Redis database ID for the rspamd storage on the rspamd pod | `0` | +| `database.mysql.roundcubePassword` | DEPRECATED - DO NOT USE: Password for the roundcube database | `""` | +| `database.postgresql.roundcubePassword` | DEPRECATED - DO NOT USE: Password for the roundcube database | `""` | +| `mariadb.enabled` | Enable MariaDB deployment | `false` | +| `mariadb.architecture` | MariaDB architecture. Allowed values: standalone or replication | `standalone` | +| `mariadb.auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` | +| `mariadb.auth.database` | Name for a custom database to create | `mailu` | +| `mariadb.auth.username` | Name for a custom user to create | `mailu` | +| `mariadb.auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | +| `mariadb.auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` | `""` | +| `mariadb.primary.persistence.enabled` | Enable persistence using PVC | `false` | +| `mariadb.primary.persistence.storageClass` | PVC Storage Class for MariaDB volume | `""` | +| `mariadb.primary.persistence.accessMode` | PVC Access Mode for MariaDB volume | `ReadWriteOnce` | +| `mariadb.primary.persistence.size` | PVC Storage Request for MariaDB volume | `8Gi` | +| `postgresql.enabled` | Enable PostgreSQL deployment | `false` | +| `postgresql.architecture` | PostgreSQL architecture. Allowed values: standalone or replication | `standalone` | +| `postgresql.auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` | +| `postgresql.auth.postgresPassword` | Password for the "postgres" admin user. Ignored if `auth.existingSecret` with key `postgres-password` is provided | `changeme` | +| `postgresql.auth.username` | Name for a custom user to create | `mailu` | +| `postgresql.auth.password` | Password for the custom user to create. Ignored if `auth.existingSecret` with key `password` is provided | `""` | +| `postgresql.auth.database` | Name for a custom database to create | `mailu` | +| `postgresql.auth.existingSecret` | Use existing secret for password details (`auth.postgresPassword`, `auth.password` will be ignored and picked up from this secret). The secret has to contain the keys `postgres-password` and `password` | `""` | +| `postgresql.auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `postgres-password` | +| `postgresql.auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `password` | +| `postgresql.auth.secretKeys.replicationPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `replication-password` | +| `postgresql.primary.persistence.enabled` | Enable persistence using PVC | `false` | +| `postgresql.primary.persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `""` | +| `postgresql.primary.persistence.accessMode` | PVC Access Mode for PostgreSQL volume | `ReadWriteOnce` | +| `postgresql.primary.persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `persistence.single_pvc` | Setings for a single volume for all apps. | `true` | +| `persistence.size` | Size of the persistent volume claim (for single PVC) | `100Gi` | +| `persistence.accessModes` | Access mode of backing PVC (for single PVC) | `["ReadWriteOnce"]` | +| `persistence.annotations` | Annotations for the PVC (for single PVC) | `{}` | +| `persistence.hostPath` | Path to mount the volume at on the host | `""` | +| `persistence.existingClaim` | Name of existing PVC (for single PVC) | `""` | +| `persistence.storageClass` | Storage class of backing PVC (for single PVC) | `""` | +| `persistence.claimNameOverride` | Override the name of the PVC (for single PVC) | `""` | + +### Ingress settings + +| Name | Description | Value | +| ----------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `ingress.enabled` | Enable external ingress | `true` | +| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ingress.path` | Default path for the ingress record | `/` | +| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `ingress.tls` | Enable TLS configuration for the hosts defined at `hostnames` parameter | `true` | +| `ingress.existingSecret` | Name of an existing Secret containing the TLS certificates for the Ingress | `""` | +| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | +| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | +| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | +| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | +| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `ingress.realIpHeader` | Sets the value of `REAL_IP_HEADER` environment variable in the `front` pod | `X-Forwarded-For` | +| `ingress.realIpFrom` | Sets the value of `REAL_IP_FROM` environment variable in the `front` pod | `""` | +| `ingress.tlsFlavorOverride` | Overrides the value of `TLS_FLAVOR` environment variable in the `front` pod | `""` | +| `ingress.proxyProtocol.pop3` | Enable PROXY protocol for POP3 (110/tcp) | `false` | +| `ingress.proxyProtocol.pop3s` | Enable PROXY protocol for POP3S (995/tcp) | `false` | +| `ingress.proxyProtocol.imap` | Enable PROXY protocol for IMAP (143/tcp) | `false` | +| `ingress.proxyProtocol.imaps` | Enable PROXY protocol for IMAPS (993/tcp) | `false` | +| `ingress.proxyProtocol.smtp` | Enable PROXY protocol for SMTP (25/tcp) | `false` | +| `ingress.proxyProtocol.smtps` | Enable PROXY protocol for SMTPS (465/tcp) | `false` | +| `ingress.proxyProtocol.submission` | Enable PROXY protocol for Submission (587/tcp) | `false` | +| `ingress.proxyProtocol.manageSieve` | Enable PROXY protocol for ManageSieve (4190/tcp) | `false` | + +### Proxy auth configuration + +| Name | Description | Value | +| --------------------- | -------------------------------------------------------------------- | -------------- | +| `proxyAuth.whitelist` | Comma separated list of CIDRs of proxies to trust for authentication | `""` | +| `proxyAuth.header` | HTTP header containing the email address of the user to authenticate | `X-Auth-Email` | +| `proxyAuth.create` | Whether non-existing accounts should be auto-created | `false` | + +### Frontend load balancer for non-HTTP(s) services + +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------------------------------------- | --------------- | +| `front.logLevel` | Override default log level | `""` | +| `front.image.repository` | Pod image repository | `mailu/nginx` | +| `front.image.tag` | Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) | `""` | +| `front.image.pullPolicy` | Pod image pull policy | `IfNotPresent` | +| `front.hostPort.enabled` | Expose front mail ports via hostPort | `true` | +| `front.externalService.enabled` | Expose front mail ports via external service (ClusterIP or LoadBalancer) | `false` | +| `front.externalService.type` | Service type (ClusterIP or LoadBalancer) | `ClusterIP` | +| `front.externalService.externalTrafficPolicy` | Service externalTrafficPolicy (Cluster or Local) | `Local` | +| `front.externalService.loadBalancerIP` | Service loadBalancerIP | `""` | +| `front.externalService.annotations` | Service annotations | `{}` | +| `front.externalService.ports.pop3` | Expose POP3 port - 110/tcp | `false` | +| `front.externalService.ports.pop3s` | Expose POP3 port (TLS) - 995/tcp | `true` | +| `front.externalService.ports.imap` | Expose IMAP port - 143/tcp | `false` | +| `front.externalService.ports.imaps` | Expose IMAP port (TLS) - 993/tcp | `true` | +| `front.externalService.ports.smtp` | Expose SMTP port - 25/tcp | `true` | +| `front.externalService.ports.smtps` | Expose SMTP port (TLS) - 465/tcp | `true` | +| `front.externalService.ports.submission` | Expose Submission port - 587/tcp | `false` | +| `front.externalService.ports.manageSieve` | Expose ManageSieve port - 4190/tcp | `true` | +| `front.externalService.nodePorts.pop3` | NodePort to use for POP3 (defaults to 110/tcp) | `110` | +| `front.externalService.nodePorts.pop3s` | NodePort to use for POP3 (TLS) (defaults to 995/tcp) | `995` | +| `front.externalService.nodePorts.imap` | NodePort to use for IMAP (defaults to 143/tcp) | `143` | +| `front.externalService.nodePorts.imaps` | NodePort to use for IMAP (TLS) (defaults to 993/tcp) | `993` | +| `front.externalService.nodePorts.smtp` | NodePort to use for SMTP (defaults to 25/tcp) | `25` | +| `front.externalService.nodePorts.smtps` | NodePort to use for SMTP (TLS) (defaults to 465/tcp) | `465` | +| `front.externalService.nodePorts.submission` | NodePort to use for Submission (defaults to 587/tcp) | `587` | +| `front.externalService.nodePorts.manageSieve` | NodePort to use for ManageSieve (defaults to 4190/tcp) | `4190` | +| `front.kind` | Kind of resource to create for the front (`Deployment` or `DaemonSet`) | `Deployment` | +| `front.replicaCount` | Number of front replicas to deploy (only for `Deployment` kind) | `1` | +| `front.resources.limits` | The resources limits for the container | `{}` | +| `front.resources.requests` | The requested resources for the container | `{}` | +| `front.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `front.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `front.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `front.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `front.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `front.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `front.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `front.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `front.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `front.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `front.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `1` | +| `front.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `front.startupProbe.enabled` | Enable startupProbe | `false` | +| `front.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `front.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `front.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `front.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` | +| `front.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `front.podLabels` | Add extra labels to pod | `{}` | +| `front.podAnnotations` | Add extra annotations to the pod | `{}` | +| `front.nodeSelector` | Node labels selector for pod assignment | `{}` | +| `front.initContainers` | Add additional init containers to the pod | `[]` | +| `front.priorityClassName` | Pods' priorityClassName | `""` | +| `front.podSecurityContext.enabled` | Enabled pods' Security Context | `false` | +| `front.podSecurityContext.fsGroup` | Set pods' Security Context fsGroup | `1001` | +| `front.containerSecurityContext.enabled` | Enabled containers' Security Context | `false` | +| `front.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `front.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | +| `front.terminationGracePeriodSeconds` | In seconds, time given to the pod to terminate gracefully | `2` | +| `front.affinity` | Affinity for front pod assignment | `{}` | +| `front.tolerations` | Tolerations for pod assignment | `[]` | +| `front.revisionHistoryLimit` | Configure the revisionHistoryLimit of the deployment | `3` | +| `front.hostAliases` | Pod pod host aliases | `[]` | +| `front.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `front.service.annotations` | Admin service annotations | `{}` | +| `front.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `front.updateStrategy.type` | Strategy to use to update Pods | `RollingUpdate` | +| `front.extraEnvVars` | Extra environment variable to pass to the running container | `[]` | +| `front.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables to mount in the pod | `""` | +| `front.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables to mount in the pod | `""` | +| `front.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the pod | `[]` | +| `front.extraVolumes` | Optionally specify extra list of additional volumes for the pod(s) | `[]` | +| `front.extraContainers` | Add additional containers to the pod | `[]` | + +### Admin parameters + +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------------------------------------- | ------------------- | +| `admin.enabled` | Enable access to the admin interface | `true` | +| `admin.uri` | URI to access the admin interface | `/admin` | +| `admin.logLevel` | Override default log level | `""` | +| `admin.image.repository` | Pod image repository | `mailu/admin` | +| `admin.image.tag` | Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) | `""` | +| `admin.image.pullPolicy` | Pod image pull policy | `IfNotPresent` | +| `admin.persistence.size` | Pod pvc size | `20Gi` | +| `admin.persistence.storageClass` | Pod pvc storage class | `""` | +| `admin.persistence.accessModes` | Pod pvc access modes | `["ReadWriteOnce"]` | +| `admin.persistence.claimNameOverride` | Pod pvc name override | `""` | +| `admin.persistence.annotations` | Pod pvc annotations | `{}` | +| `admin.resources.limits` | The resources limits for the container | `{}` | +| `admin.resources.requests` | The requested resources for the container | `{}` | +| `admin.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `admin.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `admin.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `admin.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `admin.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `admin.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `admin.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `admin.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `admin.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `admin.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `admin.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `admin.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `admin.startupProbe.enabled` | Enable startupProbe | `false` | +| `admin.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `admin.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `admin.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `admin.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `admin.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `admin.podLabels` | Add extra labels to pod | `{}` | +| `admin.podAnnotations` | Add extra annotations to the pod | `{}` | +| `admin.nodeSelector` | Node labels selector for pod assignment | `{}` | +| `admin.initContainers` | Add additional init containers to the pod | `[]` | +| `admin.priorityClassName` | Pods' priorityClassName | `""` | +| `admin.podSecurityContext.enabled` | Enabled pods' Security Context | `false` | +| `admin.podSecurityContext.fsGroup` | Set pods' Security Context fsGroup | `1001` | +| `admin.containerSecurityContext.enabled` | Enabled containers' Security Context | `false` | +| `admin.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `admin.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | +| `admin.terminationGracePeriodSeconds` | In seconds, time given to the pod to terminate gracefully | `2` | +| `admin.affinity` | Affinity for admin pod assignment | `{}` | +| `admin.tolerations` | Tolerations for pod assignment | `[]` | +| `admin.revisionHistoryLimit` | Configure the revisionHistoryLimit of the deployment | `3` | +| `admin.hostAliases` | Pod pod host aliases | `[]` | +| `admin.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `admin.service.annotations` | Admin service annotations | `{}` | +| `admin.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `admin.updateStrategy.type` | Can be set to RollingUpdate or OnDelete | `RollingUpdate` | +| `admin.extraEnvVars` | Extra environment variable to pass to the running container | `[]` | +| `admin.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables to mount in the pod | `""` | +| `admin.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables to mount in the pod | `""` | +| `admin.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the pod | `[]` | +| `admin.extraVolumes` | Optionally specify extra list of additional volumes for the pod(s) | `[]` | +| `admin.extraContainers` | Add additional containers to the pod | `[]` | + +### Redis parameters + +| Name | Description | Value | +| ---------------------------------------- | ------------------------------------------------------------------- | ------------------- | +| `redis.enabled` | Enable redis deployment through the redis subchart | `true` | +| `redis.architecture` | Redis architecture. Allowed values: `standalone` or `replication` | `standalone` | +| `redis.auth.enabled` | DON'T CHANGE THIS VALUE. Mailu doesn't support Redis authentication | `false` | +| `redis.master.enabled` | DON'T CHANGE THIS VALUE. Enable redis master | `true` | +| `redis.master.count` | Number of redis master replicas | `1` | +| `redis.master.persistence.enabled` | Enable persistence using Persistent Volume Claims | `true` | +| `redis.master.persistence.size` | Pod pvc size | `8Gi` | +| `redis.master.persistence.storageClass` | Pod pvc storage class | `""` | +| `redis.master.persistence.accessModes` | Pod pvc access modes | `["ReadWriteOnce"]` | +| `redis.master.persistence.annotations` | Pod pvc annotations | `{}` | +| `redis.master.persistence.existingClaim` | Pod pvc existing claim; necessary if using single_pvc | `""` | +| `redis.master.persistence.subPath` | Subpath in PVC; necessary if using single_pvc (set it to `redis`) | `""` | +| `redis.replica.count` | Number of redis replicas (only if `redis.architecture=replication`) | `0` | + +### Postfix parameters + +| Name | Description | Value | +| ----------------------------------------------- | ------------------------------------------------------------------------------------- | ------------------- | +| `postfix.logLevel` | Override default log level | `""` | +| `postfix.image.repository` | Pod image repository | `mailu/postfix` | +| `postfix.image.tag` | Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) | `""` | +| `postfix.image.pullPolicy` | Pod image pull policy | `IfNotPresent` | +| `postfix.persistence.size` | Pod pvc size | `20Gi` | +| `postfix.persistence.storageClass` | Pod pvc storage class | `""` | +| `postfix.persistence.accessModes` | Pod pvc access modes | `["ReadWriteOnce"]` | +| `postfix.persistence.claimNameOverride` | Pod pvc name override | `""` | +| `postfix.persistence.annotations` | Pod pvc annotations | `{}` | +| `postfix.resources.limits` | The resources limits for the container | `{}` | +| `postfix.resources.requests` | The requested resources for the container | `{}` | +| `postfix.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `postfix.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `postfix.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `postfix.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `postfix.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `postfix.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `postfix.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `postfix.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `postfix.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `postfix.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `postfix.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `postfix.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `postfix.startupProbe.enabled` | Enable startupProbe | `true` | +| `postfix.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `postfix.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `postfix.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `postfix.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` | +| `postfix.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `postfix.podLabels` | Add extra labels to pod | `{}` | +| `postfix.podAnnotations` | Add extra annotations to the pod | `{}` | +| `postfix.nodeSelector` | Node labels selector for pod assignment | `{}` | +| `postfix.initContainers` | Add additional init containers to the pod | `[]` | +| `postfix.priorityClassName` | Pods' priorityClassName | `""` | +| `postfix.podSecurityContext.enabled` | Enabled pods' Security Context | `false` | +| `postfix.podSecurityContext.fsGroup` | Set pods' Security Context fsGroup | `1001` | +| `postfix.containerSecurityContext.enabled` | Enabled containers' Security Context | `false` | +| `postfix.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `postfix.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | +| `postfix.terminationGracePeriodSeconds` | In seconds, time given to the pod to terminate gracefully | `2` | +| `postfix.affinity` | Affinity for postfix pod assignment | `{}` | +| `postfix.tolerations` | Tolerations for pod assignment | `[]` | +| `postfix.revisionHistoryLimit` | Configure the revisionHistoryLimit of the deployment | `3` | +| `postfix.hostAliases` | Pod pod host aliases | `[]` | +| `postfix.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `postfix.service.annotations` | Admin service annotations | `{}` | +| `postfix.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `postfix.updateStrategy.type` | Can be set to RollingUpdate or OnDelete | `RollingUpdate` | +| `postfix.extraEnvVars` | Extra environment variable to pass to the running container | `[]` | +| `postfix.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables to mount in the pod | `""` | +| `postfix.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables to mount in the pod | `""` | +| `postfix.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the pod | `[]` | +| `postfix.extraVolumes` | Optionally specify extra list of additional volumes for the pod(s) | `[]` | +| `postfix.extraContainers` | Add additional containers to the pod | `[]` | +| `postfix.overrides` | Enable postfix overrides | `{}` | + +### Dovecot parameters + +| Name | Description | Value | +| ----------------------------------------------- | ------------------------------------------------------------------------------------- | ------------------- | +| `dovecot.enabled` | Enable dovecot | `true` | +| `dovecot.logLevel` | Override default log level | `""` | +| `dovecot.image.repository` | Pod image repository | `mailu/dovecot` | +| `dovecot.image.tag` | Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) | `""` | +| `dovecot.image.pullPolicy` | Pod image pull policy | `IfNotPresent` | +| `dovecot.persistence.size` | Pod pvc size | `20Gi` | +| `dovecot.persistence.storageClass` | Pod pvc storage class | `""` | +| `dovecot.persistence.accessModes` | Pod pvc access modes | `["ReadWriteOnce"]` | +| `dovecot.persistence.claimNameOverride` | Pod pvc name override | `""` | +| `dovecot.persistence.annotations` | Pod pvc annotations | `{}` | +| `dovecot.resources.limits` | The resources limits for the container | `{}` | +| `dovecot.resources.requests` | The requested resources for the container | `{}` | +| `dovecot.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `dovecot.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `dovecot.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `dovecot.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `dovecot.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `dovecot.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` | +| `dovecot.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `dovecot.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `dovecot.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `dovecot.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` | +| `dovecot.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `dovecot.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `dovecot.startupProbe.enabled` | Enable startupProbe | `false` | +| `dovecot.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `dovecot.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `dovecot.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `10` | +| `dovecot.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `dovecot.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `dovecot.podLabels` | Add extra labels to pod | `{}` | +| `dovecot.podAnnotations` | Add extra annotations to the pod | `{}` | +| `dovecot.nodeSelector` | Node labels selector for pod assignment | `{}` | +| `dovecot.initContainers` | Add additional init containers to the pod | `[]` | +| `dovecot.priorityClassName` | Pods' priorityClassName | `""` | +| `dovecot.podSecurityContext.enabled` | Enabled pods' Security Context | `false` | +| `dovecot.podSecurityContext.fsGroup` | Set pods' Security Context fsGroup | `1001` | +| `dovecot.containerSecurityContext.enabled` | Enabled containers' Security Context | `false` | +| `dovecot.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `dovecot.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | +| `dovecot.terminationGracePeriodSeconds` | In seconds, time given to the pod to terminate gracefully | `2` | +| `dovecot.affinity` | Affinity for dovecot pod assignment | `{}` | +| `dovecot.tolerations` | Tolerations for pod assignment | `[]` | +| `dovecot.revisionHistoryLimit` | Configure the revisionHistoryLimit of the deployment | `3` | +| `dovecot.hostAliases` | Pod pod host aliases | `[]` | +| `dovecot.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `dovecot.service.annotations` | Admin service annotations | `{}` | +| `dovecot.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `dovecot.updateStrategy.type` | Can be set to RollingUpdate or OnDelete | `RollingUpdate` | +| `dovecot.extraEnvVars` | Extra environment variable to pass to the running container | `[]` | +| `dovecot.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables to mount in the pod | `""` | +| `dovecot.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables to mount in the pod | `""` | +| `dovecot.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the pod | `[]` | +| `dovecot.extraVolumes` | Optionally specify extra list of additional volumes for the pod(s) | `[]` | +| `dovecot.extraContainers` | Add additional containers to the pod | `[]` | +| `dovecot.overrides` | Enable dovecot overrides | `{}` | +| `dovecot.compression` | Maildir compression algorithm (gz, bz2, lz4, zstd) | `""` | +| `dovecot.compressionLevel` | Maildir compression level (1-9) | `6` | + +### rspamd parameters + +| Name | Description | Value | +| ---------------------------------------------- | ------------------------------------------------------------------------------------- | ------------------- | +| `rspamd.enabled` | Enable rspamd | `true` | +| `rspamd.overrides` | Enable rspamd overrides | `{}` | +| `rspamd.antivirusAction` | Action to take when an virus is detected. Possible values: `reject` or `discard` | `discard` | +| `rspamd.logLevel` | Override default log level | `""` | +| `rspamd.image.repository` | Pod image repository | `mailu/rspamd` | +| `rspamd.image.tag` | Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) | `""` | +| `rspamd.image.pullPolicy` | Pod image pull policy | `IfNotPresent` | +| `rspamd.persistence.size` | Pod pvc size | `1Gi` | +| `rspamd.persistence.storageClass` | Pod pvc storage class | `""` | +| `rspamd.persistence.accessModes` | Pod pvc access modes | `["ReadWriteOnce"]` | +| `rspamd.persistence.claimNameOverride` | Pod pvc name override | `""` | +| `rspamd.persistence.annotations` | Pod pvc annotations | `{}` | +| `rspamd.resources.limits` | The resources limits for the container | `{}` | +| `rspamd.resources.requests` | The requested resources for the container | `{}` | +| `rspamd.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `rspamd.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `rspamd.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `rspamd.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `rspamd.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `rspamd.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `rspamd.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `rspamd.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `rspamd.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `rspamd.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `rspamd.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `rspamd.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `rspamd.startupProbe.enabled` | Enable startupProbe | `true` | +| `rspamd.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `rspamd.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `rspamd.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `rspamd.startupProbe.failureThreshold` | Failure threshold for startupProbe | `90` | +| `rspamd.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `rspamd.podLabels` | Add extra labels to pod | `{}` | +| `rspamd.podAnnotations` | Add extra annotations to the pod | `{}` | +| `rspamd.nodeSelector` | Node labels selector for pod assignment | `{}` | +| `rspamd.initContainers` | Add additional init containers to the pod | `[]` | +| `rspamd.priorityClassName` | Pods' priorityClassName | `""` | +| `rspamd.podSecurityContext.enabled` | Enabled pods' Security Context | `false` | +| `rspamd.podSecurityContext.fsGroup` | Set pods' Security Context fsGroup | `1001` | +| `rspamd.containerSecurityContext.enabled` | Enabled containers' Security Context | `false` | +| `rspamd.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `rspamd.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | +| `rspamd.terminationGracePeriodSeconds` | In seconds, time given to the pod to terminate gracefully | `2` | +| `rspamd.affinity` | Affinity for rspamd pod assignment | `{}` | +| `rspamd.tolerations` | Tolerations for pod assignment | `[]` | +| `rspamd.revisionHistoryLimit` | Configure the revisionHistoryLimit of the deployment | `3` | +| `rspamd.hostAliases` | Pod pod host aliases | `[]` | +| `rspamd.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `rspamd.service.annotations` | Admin service annotations | `{}` | +| `rspamd.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `rspamd.updateStrategy.type` | Can be set to RollingUpdate or OnDelete | `RollingUpdate` | +| `rspamd.extraEnvVars` | Extra environment variable to pass to the running container | `[]` | +| `rspamd.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables to mount in the pod | `""` | +| `rspamd.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables to mount in the pod | `""` | +| `rspamd.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the pod | `[]` | +| `rspamd.extraVolumes` | Optionally specify extra list of additional volumes for the pod(s) | `[]` | +| `rspamd.extraContainers` | Add additional containers to the pod | `[]` | + +### clamav parameters + +| Name | Description | Value | +| ---------------------------------------------- | ------------------------------------------------------------------------------------- | ---------------------- | +| `clamav.enabled` | Enable ClamAV | `true` | +| `clamav.logLevel` | Override default log level | `""` | +| `clamav.image.repository` | Pod image repository | `clamav/clamav-debian` | +| `clamav.image.tag` | Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) | `1.2.0-6` | +| `clamav.image.pullPolicy` | Pod image pull policy | `IfNotPresent` | +| `clamav.image.registry` | Pod image registry (specific for clamav as it is not part of the mailu organization) | `docker.io` | +| `clamav.persistence.enabled` | Enable persistence using PVC | `true` | +| `clamav.persistence.size` | Pod pvc size | `2Gi` | +| `clamav.persistence.storageClass` | Pod pvc storage class | `""` | +| `clamav.persistence.accessModes` | Pod pvc access modes | `["ReadWriteOnce"]` | +| `clamav.persistence.annotations` | Pod pvc annotations | `{}` | +| `clamav.persistence.labels` | Pod pvc labels | `{}` | +| `clamav.persistence.selector` | Additional labels to match for the PVC | `{}` | +| `clamav.persistence.dataSource` | Custom PVC data source | `{}` | +| `clamav.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | +| `clamav.resources.limits` | The resources limits for the container | `{}` | +| `clamav.resources.requests` | The requested resources for the container | `{}` | +| `clamav.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `clamav.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `clamav.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `clamav.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `clamav.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `clamav.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `clamav.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `clamav.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `clamav.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `clamav.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `clamav.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `clamav.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `clamav.startupProbe.enabled` | Enable startupProbe | `false` | +| `clamav.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `clamav.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `clamav.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `clamav.startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` | +| `clamav.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `clamav.podLabels` | Add extra labels to pod | `{}` | +| `clamav.podAnnotations` | Add extra annotations to the pod | `{}` | +| `clamav.nodeSelector` | Node labels selector for pod assignment | `{}` | +| `clamav.initContainers` | Add additional init containers to the pod | `[]` | +| `clamav.priorityClassName` | Pods' priorityClassName | `""` | +| `clamav.podSecurityContext.enabled` | Enabled pods' Security Context | `false` | +| `clamav.podSecurityContext.fsGroup` | Set pods' Security Context fsGroup | `1001` | +| `clamav.containerSecurityContext.enabled` | Enabled containers' Security Context | `false` | +| `clamav.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `clamav.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | +| `clamav.terminationGracePeriodSeconds` | In seconds, time given to the pod to terminate gracefully | `2` | +| `clamav.affinity` | Affinity for clamav pod assignment | `{}` | +| `clamav.tolerations` | Tolerations for pod assignment | `[]` | +| `clamav.hostAliases` | Pod pod host aliases | `[]` | +| `clamav.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `clamav.service.annotations` | Admin service annotations | `{}` | +| `clamav.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `clamav.updateStrategy.type` | Can be set to RollingUpdate or OnDelete | `RollingUpdate` | +| `clamav.extraEnvVars` | Extra environment variable to pass to the running container | `[]` | +| `clamav.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables to mount in the pod | `""` | +| `clamav.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables to mount in the pod | `""` | +| `clamav.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the pod | `[]` | +| `clamav.extraVolumes` | Optionally specify extra list of additional volumes for the pod(s) | `[]` | +| `clamav.extraContainers` | Add additional containers to the pod | `[]` | + +### webmail parameters + +| Name | Description | Value | +| ----------------------------------------------- | ------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------- | +| `webmail.enabled` | Enable deployment of webmail | `true` | +| `webmail.uri` | URI to access webmail | `/webmail` | +| `webmail.type` | Type of webmail to deploy (`roundcube` or `snappymail`) | `roundcube` | +| `webmail.roundcubePlugins` | List of Roundcube plugins to enable | `["archive","zipdownload","markasjunk","managesieve","enigma","carddav","mailu"]` | +| `webmail.logLevel` | Override default log level | `""` | +| `webmail.image.repository` | Pod image repository | `mailu/webmail` | +| `webmail.image.tag` | Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) | `""` | +| `webmail.image.pullPolicy` | Pod image pull policy | `IfNotPresent` | +| `webmail.persistence.size` | Pod pvc size | `20Gi` | +| `webmail.persistence.storageClass` | Pod pvc storage class | `""` | +| `webmail.persistence.accessModes` | Pod pvc access modes | `["ReadWriteOnce"]` | +| `webmail.persistence.claimNameOverride` | Pod pvc name override | `""` | +| `webmail.persistence.annotations` | Pod pvc annotations | `{}` | +| `webmail.resources.limits` | The resources limits for the container | `{}` | +| `webmail.resources.requests` | The requested resources for the container | `{}` | +| `webmail.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `webmail.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `webmail.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `webmail.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `webmail.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `webmail.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `webmail.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `webmail.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `webmail.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `webmail.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `webmail.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `webmail.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `webmail.startupProbe.enabled` | Enable startupProbe | `false` | +| `webmail.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `webmail.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `webmail.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `webmail.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `webmail.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `webmail.podLabels` | Add extra labels to pod | `{}` | +| `webmail.podAnnotations` | Add extra annotations to the pod | `{}` | +| `webmail.nodeSelector` | Node labels selector for pod assignment | `{}` | +| `webmail.initContainers` | Add additional init containers to the pod | `[]` | +| `webmail.priorityClassName` | Pods' priorityClassName | `""` | +| `webmail.podSecurityContext.enabled` | Enabled pods' Security Context | `false` | +| `webmail.podSecurityContext.fsGroup` | Set pods' Security Context fsGroup | `1001` | +| `webmail.containerSecurityContext.enabled` | Enabled containers' Security Context | `false` | +| `webmail.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `webmail.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | +| `webmail.terminationGracePeriodSeconds` | In seconds, time given to the pod to terminate gracefully | `2` | +| `webmail.affinity` | Affinity for webmail pod assignment | `{}` | +| `webmail.tolerations` | Tolerations for pod assignment | `[]` | +| `webmail.revisionHistoryLimit` | Configure the revisionHistoryLimit of the deployment | `3` | +| `webmail.hostAliases` | Pod pod host aliases | `[]` | +| `webmail.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `webmail.service.annotations` | Admin service annotations | `{}` | +| `webmail.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `webmail.updateStrategy.type` | Can be set to RollingUpdate or OnDelete | `RollingUpdate` | +| `webmail.extraEnvVars` | Extra environment variable to pass to the running container | `[]` | +| `webmail.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables to mount in the pod | `""` | +| `webmail.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables to mount in the pod | `""` | +| `webmail.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the pod | `[]` | +| `webmail.extraVolumes` | Optionally specify extra list of additional volumes for the pod(s) | `[]` | +| `webmail.extraContainers` | Add additional containers to the pod | `[]` | + +### webdav parameters + +| Name | Description | Value | +| ---------------------------------------------- | ------------------------------------------------------------------------------------- | ------------------- | +| `webdav.enabled` | Enable deployment of WebDAV server (using Radicale) | `false` | +| `webdav.logLevel` | Override default log level | `""` | +| `webdav.image.repository` | Pod image repository | `mailu/radicale` | +| `webdav.image.tag` | Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) | `""` | +| `webdav.image.pullPolicy` | Pod image pull policy | `IfNotPresent` | +| `webdav.persistence.size` | Pod pvc size | `20Gi` | +| `webdav.persistence.storageClass` | Pod pvc storage class | `""` | +| `webdav.persistence.accessModes` | Pod pvc access modes | `["ReadWriteOnce"]` | +| `webdav.persistence.claimNameOverride` | Pod pvc name override | `""` | +| `webdav.persistence.annotations` | Pod pvc annotations | `{}` | +| `webdav.resources.limits` | The resources limits for the container | `{}` | +| `webdav.resources.requests` | The requested resources for the container | `{}` | +| `webdav.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `webdav.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `webdav.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `webdav.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `webdav.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `webdav.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `webdav.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `webdav.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `webdav.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `webdav.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `webdav.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `webdav.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `webdav.startupProbe.enabled` | Enable startupProbe | `false` | +| `webdav.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `webdav.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `webdav.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `webdav.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `webdav.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `webdav.podLabels` | Add extra labels to pod | `{}` | +| `webdav.podAnnotations` | Add extra annotations to the pod | `{}` | +| `webdav.nodeSelector` | Node labels selector for pod assignment | `{}` | +| `webdav.initContainers` | Add additional init containers to the pod | `[]` | +| `webdav.priorityClassName` | Pods' priorityClassName | `""` | +| `webdav.podSecurityContext.enabled` | Enabled pods' Security Context | `false` | +| `webdav.podSecurityContext.fsGroup` | Set pods' Security Context fsGroup | `1001` | +| `webdav.containerSecurityContext.enabled` | Enabled containers' Security Context | `false` | +| `webdav.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `webdav.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | +| `webdav.terminationGracePeriodSeconds` | In seconds, time given to the pod to terminate gracefully | `2` | +| `webdav.affinity` | Affinity for webdav pod assignment | `{}` | +| `webdav.tolerations` | Tolerations for pod assignment | `[]` | +| `webdav.revisionHistoryLimit` | Configure the revisionHistoryLimit of the deployment | `3` | +| `webdav.hostAliases` | Pod pod host aliases | `[]` | +| `webdav.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `webdav.service.annotations` | Admin service annotations | `{}` | +| `webdav.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `webdav.updateStrategy.type` | Can be set to RollingUpdate or OnDelete | `RollingUpdate` | +| `webdav.extraEnvVars` | Extra environment variable to pass to the running container | `[]` | +| `webdav.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables to mount in the pod | `""` | +| `webdav.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables to mount in the pod | `""` | +| `webdav.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the pod | `[]` | +| `webdav.extraVolumes` | Optionally specify extra list of additional volumes for the pod(s) | `[]` | +| `webdav.extraContainers` | Add additional containers to the pod | `[]` | + +### fetchmail parameters + +| Name | Description | Value | +| ------------------------------------------------- | ------------------------------------------------------------------------------------- | ------------------- | +| `fetchmail.enabled` | Enable deployment of fetchmail | `false` | +| `fetchmail.delay` | Delay between fetchmail runs | `600` | +| `fetchmail.logLevel` | Override default log level | `""` | +| `fetchmail.image.repository` | Pod image repository | `mailu/fetchmail` | +| `fetchmail.image.tag` | Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) | `""` | +| `fetchmail.image.pullPolicy` | Pod image pull policy | `IfNotPresent` | +| `fetchmail.persistence.size` | Pod pvc size | `20Gi` | +| `fetchmail.persistence.storageClass` | Pod pvc storage class | `""` | +| `fetchmail.persistence.accessModes` | Pod pvc access modes | `["ReadWriteOnce"]` | +| `fetchmail.persistence.claimNameOverride` | Pod pvc name override | `""` | +| `fetchmail.persistence.annotations` | Pod pvc annotations | `{}` | +| `fetchmail.resources.limits` | The resources limits for the container | `{}` | +| `fetchmail.resources.requests` | The requested resources for the container | `{}` | +| `fetchmail.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `fetchmail.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `fetchmail.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `fetchmail.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `fetchmail.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `fetchmail.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `fetchmail.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `fetchmail.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `fetchmail.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `fetchmail.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `fetchmail.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `fetchmail.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `fetchmail.startupProbe.enabled` | Enable startupProbe | `false` | +| `fetchmail.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `fetchmail.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `fetchmail.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `fetchmail.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `fetchmail.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `fetchmail.podLabels` | Add extra labels to pod | `{}` | +| `fetchmail.podAnnotations` | Add extra annotations to the pod | `{}` | +| `fetchmail.nodeSelector` | Node labels selector for pod assignment | `{}` | +| `fetchmail.initContainers` | Add additional init containers to the pod | `[]` | +| `fetchmail.priorityClassName` | Pods' priorityClassName | `""` | +| `fetchmail.podSecurityContext.enabled` | Enabled pods' Security Context | `false` | +| `fetchmail.podSecurityContext.fsGroup` | Set pods' Security Context fsGroup | `1001` | +| `fetchmail.containerSecurityContext.enabled` | Enabled containers' Security Context | `false` | +| `fetchmail.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `fetchmail.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | +| `fetchmail.terminationGracePeriodSeconds` | In seconds, time given to the pod to terminate gracefully | `2` | +| `fetchmail.affinity` | Affinity for fetchmail pod assignment | `{}` | +| `fetchmail.tolerations` | Tolerations for pod assignment | `[]` | +| `fetchmail.revisionHistoryLimit` | Configure the revisionHistoryLimit of the deployment | `3` | +| `fetchmail.hostAliases` | Pod pod host aliases | `[]` | +| `fetchmail.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `fetchmail.service.annotations` | Admin service annotations | `{}` | +| `fetchmail.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `fetchmail.updateStrategy.type` | Can be set to RollingUpdate or OnDelete | `RollingUpdate` | +| `fetchmail.extraEnvVars` | Extra environment variable to pass to the running container | `[]` | +| `fetchmail.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables to mount in the pod | `""` | +| `fetchmail.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables to mount in the pod | `""` | +| `fetchmail.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the pod | `[]` | +| `fetchmail.extraVolumes` | Optionally specify extra list of additional volumes for the pod(s) | `[]` | +| `fetchmail.extraContainers` | Add additional containers to the pod | `[]` | + +### OLETools parameters + +| Name | Description | Value | +| ------------------------------------------------ | ------------------------------------------------------------------------------------- | ---------------- | +| `oletools.enabled` | Enable OLETools | `true` | +| `oletools.logLevel` | Override default log level | `""` | +| `oletools.image.repository` | Pod image repository | `mailu/oletools` | +| `oletools.image.tag` | Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) | `""` | +| `oletools.image.pullPolicy` | Pod image pull policy | `IfNotPresent` | +| `oletools.resources.limits` | The resources limits for the container | `{}` | +| `oletools.resources.requests` | The requested resources for the container | `{}` | +| `oletools.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `oletools.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `oletools.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `oletools.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `oletools.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `oletools.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `oletools.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `oletools.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `oletools.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `oletools.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `oletools.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `oletools.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `oletools.startupProbe.enabled` | Enable startupProbe | `false` | +| `oletools.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `oletools.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `oletools.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `oletools.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `oletools.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `oletools.podLabels` | Add extra labels to pod | `{}` | +| `oletools.podAnnotations` | Add extra annotations to the pod | `{}` | +| `oletools.nodeSelector` | Node labels selector for pod assignment | `{}` | +| `oletools.initContainers` | Add additional init containers to the pod | `[]` | +| `oletools.priorityClassName` | Pods' priorityClassName | `""` | +| `oletools.podSecurityContext.enabled` | Enabled pods' Security Context | `false` | +| `oletools.podSecurityContext.fsGroup` | Set pods' Security Context fsGroup | `1001` | +| `oletools.containerSecurityContext.enabled` | Enabled containers' Security Context | `false` | +| `oletools.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `oletools.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | +| `oletools.terminationGracePeriodSeconds` | In seconds, time given to the pod to terminate gracefully | `2` | +| `oletools.affinity` | Affinity for oletools pod assignment | `{}` | +| `oletools.tolerations` | Tolerations for pod assignment | `[]` | +| `oletools.revisionHistoryLimit` | Configure the revisionHistoryLimit of the deployment | `3` | +| `oletools.hostAliases` | Pod pod host aliases | `[]` | +| `oletools.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `oletools.service.annotations` | oletools service annotations | `{}` | +| `oletools.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `oletools.updateStrategy.type` | Can be set to RollingUpdate or OnDelete | `RollingUpdate` | +| `oletools.extraEnvVars` | Extra environment variable to pass to the running container | `[]` | +| `oletools.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables to mount in the pod | `""` | +| `oletools.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables to mount in the pod | `""` | +| `oletools.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the pod | `[]` | +| `oletools.extraVolumes` | Optionally specify extra list of additional volumes for the pod(s) | `[]` | +| `oletools.extraContainers` | Add additional containers to the pod | `[]` | + +### Tika parameters + +| Name | Description | Value | +| -------------------------------------------- | ----------------------------------------------------------------------------------------------- | --------------- | +| `tika.enabled` | Enable tika | `true` | +| `tika.logLevel` | Override default log level | `""` | +| `tika.languages` | Array of languages to enable (sets the FULL_TEXT_SEARCH environment variable); "off" to disable | `["en"]` | +| `tika.image.repository` | Pod image repository | `apache/tika` | +| `tika.image.tag` | Pod image tag | `2.9.2.1-full` | +| `tika.image.pullPolicy` | Pod image pull policy | `IfNotPresent` | +| `tika.image.registry` | Pod image registry (specific for tika as it is not part of the mailu organization) | `docker.io` | +| `tika.resources.limits` | The resources limits for the container | `{}` | +| `tika.resources.requests` | The requested resources for the container | `{}` | +| `tika.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `tika.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `tika.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `tika.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `tika.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `tika.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `tika.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `tika.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `tika.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `tika.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `tika.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `tika.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `tika.startupProbe.enabled` | Enable startupProbe | `false` | +| `tika.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `tika.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `tika.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `tika.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `tika.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `tika.podLabels` | Add extra labels to pod | `{}` | +| `tika.podAnnotations` | Add extra annotations to the pod | `{}` | +| `tika.nodeSelector` | Node labels selector for pod assignment | `{}` | +| `tika.initContainers` | Add additional init containers to the pod | `[]` | +| `tika.priorityClassName` | Pods' priorityClassName | `""` | +| `tika.podSecurityContext.enabled` | Enabled pods' Security Context | `false` | +| `tika.podSecurityContext.fsGroup` | Set pods' Security Context fsGroup | `1001` | +| `tika.containerSecurityContext.enabled` | Enabled containers' Security Context | `false` | +| `tika.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `tika.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | +| `tika.terminationGracePeriodSeconds` | In seconds, time given to the pod to terminate gracefully | `2` | +| `tika.affinity` | Affinity for tika pod assignment | `{}` | +| `tika.tolerations` | Tolerations for pod assignment | `[]` | +| `tika.revisionHistoryLimit` | Configure the revisionHistoryLimit of the deployment | `3` | +| `tika.hostAliases` | Pod pod host aliases | `[]` | +| `tika.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `tika.service.annotations` | tika service annotations | `{}` | +| `tika.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `tika.updateStrategy.type` | Can be set to RollingUpdate or OnDelete | `RollingUpdate` | +| `tika.extraEnvVars` | Extra environment variable to pass to the running container | `[]` | +| `tika.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables to mount in the pod | `""` | +| `tika.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables to mount in the pod | `""` | +| `tika.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the pod | `[]` | +| `tika.extraVolumes` | Optionally specify extra list of additional volumes for the pod(s) | `[]` | +| `tika.extraContainers` | Add additional containers to the pod | `[]` | + + +## Example values.yaml to get started + +```yaml +domain: mail.mydomain.com +hostnames: + - mail.mydomain.com +initialAccount: + domain: mail.mydomain.com + password: chang3m3! + username: mailadmin +logLevel: INFO +limits: + authRatelimit: + ip: 100/minute;3600/hour + user: 100/day + messageSizeLimitInMegabytes: 200 +persistence: + size: 100Gi + storageClass: fast +secretKey: chang3m3! +``` + +## Persistence + +### hostPath persistence + +If `persistence.hostPath` is set, a path on the host is used for persistence. This overrides all other persistence options. + +### PVC with existing claim + +If `persistence.existingClaim` is set, no PVC is created and the existing PVC with the given name is being used. + +This can be configured on an individual basis for each Mailu component as well. + +### PVC with automatic provisioning + +If neither `persistence.hostPath` nor `persistence.existingClaim` is set, a new PVC is created. The name of the claim is generated but it +can be overridden with `persistence.claimNameOverride`. + +The `persistence.storageClass` is not set by default. It can be set to `-` to have an empty storageClassName or to anything else depending on your setup. + +If you use only one PVC for all components and you have multiple nodes, ensure that you set `persistence.accessMode` to `ReadWriteMany` (and that your storage class supports it). + +## Troubleshooting + +### All services are running but authentication fails for webmail and imap + +It's very likely that your PODs run on a different subnet than the default `10.42.0.0/16`. Set the `subnet` value to the correct subnet and try again. + +**Warning:** For security reasons, make sure that the `subnet` value is scoped only to the resources that belongs to your cluster. Do not use a subnet that is too large as any IP within the `subnet` would have extended rights to send emails, bypassing some security controls and potentially making your installation an open relay. + +## Deployment of DaemonSet for front nginx pod(s) + +Depending on your environment you might want to shedule "only one pod" (`Deployment`) or "one pod per node" (`DaemonSet`) for the `front` nginx pod(s). + +A `DaemonSet` can e.g. be usefull if you have multiple DNS entries / IPs in your MX record and want `front` to be reachable on every IP. + +This can be set with the `front.kind` value. + +Beware that if using a `DaemonSet` you'll need a storage class that supports `ReadWriteMany` access mode. + +## Ingress + +The default ingress is handled externally. In some situations, this is problematic, such as when webmail should be accessible +on the same address as the exposed ports. Kubernetes services cannot provide such capabilities without vendor-specific annotations. + +By setting `ingress.enabled` to false, the internal NGINX instance provided by `front` will configure TLS according to +`ingress.tlsFlavorOverride` and redirect `http` scheme connections to `https`. + +CAUTION: This configuration exposes `/admin` to all clients with access to the web UI. + +## Cert Manager + +The default logic is to use Cert Manager to generate certificate for Mailu via Ingress annotations (`ingress.annotations={}`). + +In some configuration you want to handle certificate generation and update another way, use `ingress.existingSecret=NAME_OF_EXISTING_SECRET` to let the Chart know where to find certificates managed externally. + +You will have to create and keep up-to-date your TLS keys. + +## Database + +By default both, Mailu and RoundCube uses an embedded SQLite database. + +The chart allows to deploy a MariaDB or a PostgresQL database. + +You can also make use of an existing database by setting the correct under `externalDatabase`. + +### Embedded MariaDB / MySQL + +This chart can deploy a MariaDB instance (using Bitnami's Helm Chart dependency) and configure it for Mailu to use it. + +In order to do so, set `mariadb.enabled` to `true`. + +The `root` and `mailu` passwords will be automatically generated by default and stored in a secret. + +Make sure to also set `mariadb.primary.persistence.enabled` to `true` and configure it accordingly. + +See [Bitnami's MariaDB Helm Chart](https://artifacthub.io/packages/helm/bitnami/mariadb) for more configuration options (to be configured under the `mailu` key in your `values.yaml` file). + +### Embedded Postgresql + +This chart can deploy a Postgresql instance (using Bitnami's Helm Chart dependency) and configure it for Mailu to use it. + +In order to do so, set `postgresql.enabled` to `true`. + +The `postgres` and `mailu` passwords will be automatically generated by default and stored in a secret. + +Make sure to also set `postgresql.primary.persistence.enabled` to `true` and configure it accordingly. + +See [Bitnami's Postgresql Helm Chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for more configuration options (to be configured under the `mailu` key in your `values.yaml` file). + +### Using an external database + +An external MariaDB / MySQL or Postgresql database can be used by setting `externalDatabase.enabled` to `true`. + +The connection settings to the external database needs to be configured under `externalDatabase`. + +### Roundcube's database + +The roundcube database settings can be moified via `global.database.roundcube` (database name, username, password). + +## Timezone + +By default, no timezone is set to the PODS, so logs and mail timestamps are all UTC. The option `timezone` allows to use specify a time zone to use (e.g. `Europe/Berlin`). + +Note that this requires timezone data installed on the host filesystem that will be mounted into pods as localtime. When is solved, the chart will be modified to use this solution instead of host files. + +## Exposing mail ports to the public + +There are several ways to expose mail ports to the public. If you do so, make sure you read and understand the warning above about open relays. + +### Running on a single node with a public IP + +This is the most straightforward way to run mailu. It can be used when the node where mailu (or at least the "front" POD) runs on a specific node that has a public ip address which is used for mail. All mail ports of the "front" POD will be simply exposed via the "hostPort" function. + +To use this mode, set `front.hostPort.enabled` to `true` (which is the default). If your cluster has multiple nodes, you should use `front.nodeSelector` to bind the front container on the node where your public mail IP is located on. + +### Running on bare metal with k3s and klipper-lb + +If you run on bare metal with k3s (e.g by using k3os), you can use the build-in load balancer [klipper-lb](https://rancher.com/docs/k3s/latest/en/networking/#service-load-balancer). To expose mailu via loadBalancer, set: + +- `front.hostPort.enabled`: `false` +- `externalService.enabled`: `true` +- `externalService.type`: `LoadBalancer` +- `externalService.externalTrafficPolicy`: `Local` + +The [externalTrafficPolicy](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip) is important to preserve the client's source IP and avoid an open relay. + +Please perform open relay tests after setup as described above! + +## Environment variables mapping + +The table below lists the environment variables that will be passed to the pods and their respective configuration path in the `values.yaml` file. + +| Mailu env var | `values.yaml` config path | Comment | Default value (Mailu 'docker' version) | Helm default value | +| --------------------------------- | -------------------------------------- | ---------------------------------------------------------- | -------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | +| `ADMIN` | `admin.enabled` | | `none` | `true` | +| `ANTIVIRUS_ACTION` | `rspamd.antivirusAction` | | `discard` | `discard` | +| `AUTH_RATELIMIT_EXEMPTION_LENGTH` | `limits.authRatelimit.exemptionLength` | | `86400` | `86400` | +| `AUTH_RATELIMIT_EXEMPTION` | `limits.authRatelimit.exemption` | | `` | `` | +| `AUTH_RATELIMIT_IP` | `limits.authRatelimit.ip` | | `60/hour` | `60/hour` | +| `AUTH_RATELIMIT_IP_V4_MASK` | `limits.authRatelimit.ipv4Mask` | | `24` | `24` | +| `AUTH_RATELIMIT_IP_V6_MASK` | `limits.authRatelimit.ipv6Mask` | | `56` | `56` | +| `AUTH_RATELIMIT_USER` | `limits.authRatelimit.user` | | `100/day` | `100/day` | +| `BABEL_DEFAULT_LOCALE` | - | | `en` | `en` | +| `BABEL_DEFAULT_TIMEZONE` | - | | `UTC` | `UTC` | +| `BOOTSTRAP_SERVE_LOCAL` | - | | `True` | `True` | +| `CREDENTIAL_ROUNDS` | `credentialRounds` | | `12` | `12` | +| `DB_FLAVOR` | | Managed by Helm chart | None | | +| `DB_HOST` | | Managed by Helm chart | database | | +| `DB_NAME` | | Managed by Helm chart | mailu | | +| `DB_PW` | | Managed by Helm chart | None | | +| `DB_USER` | | Managed by Helm chart | mailu | | +| `DEBUG_ASSETS` | - | | `` | | +| `DEBUG` | - | | `False` | `false` | +| `DEBUG_PROFILER` | - | | `False` | `false` | +| `DEBUG_TB_INTERCEPT_REDIRECTS` | - | | `False` | `false` | +| `DEFAULT_QUOTA` | - | | `1000000000` | `1000000000` | +| `DEFAULT_SPAM_THRESHOLD` | - | | `80` | `80` | +| `DEFER_ON_TLS_ERROR` | - | | `True` | `true` | +| `DISABLE_STATISTICS` | - | | `False` | `false` | +| `DKIM_PATH` | - | | `/dkim/{domain}.{selector}.key` | `/dkim/{domain}.{selector}.key` | +| `DKIM_SELECTOR` | - | | `dkim` | `dkim` | +| `DMARC_RUA` | `dmarc.rua` | | `none` | `none` | +| `DMARC_RUF` | `dmarc.ruf` | | `none` | `none` | +| `DOCKER_SOCKET` | - | Not set in Helm Chart | `unix:///var/run/docker.sock` | - | +| `DOMAIN` | `domain` | | `mailu.io` | _unset_ | +| `DOMAIN_REGISTRATION` | - | | `False` | `false` | +| `FETCHMAIL_ENABLED` | `fetchmail.enabled` | | `False` | `false` | +| `HOSTNAMES` | `hostnames` | Use an array in Helm values instead of a string | `mail.mailu.io,alternative.mailu.io,yetanother.mailu.io` | `[]` | +| `INBOUND_TLS_ENFORCE` | - | | `False` | `false` | +| `INSTANCE_ID_PATH` | - | | `/data/instance` | `/data/instance` | +| `KUBERNETES_INGRESS` | - | | `False` | `false` | +| `LOG_LEVEL` | `logLevel` | Can be overriden for each pod through `COMPONENT.logLevel` | `WARNING` | `WARNING` | +| `LOGO_BACKGROUND` | `customization.logoBackground` | | `None` | `none` | +| `LOGO_URL` | `customization.logoUrl` | | `None` | `none` | +| `MEMORY_SESSIONS` | `ingress.enabled` | | `False` | `true` | +| `MESSAGE_RATELIMIT_EXEMPTION` | `limits.messageRatelimit.exemption` | | `` | `` | +| `MESSAGE_RATELIMIT` | `limits.messageRatelimit.value` | | `200/day` | `200/day` | +| `PERMANENT_SESSION_LIFETIME` | `permanentSessionLifetime` | | `30*24*3600` | `2592000` | +| `POSTMASTER` | `postmaster` | | `postmaster` | `postmaster` | +| `PROXY_AUTH_CREATE` | `proxyAuth.create` | | `False` | `false` | +| `PROXY_AUTH_HEADER` | `proxyAuth.header` | | `X-Auth-Email` | `X-Auth-Email` | +| `PROXY_AUTH_WHITELIST` | `proxyAuth.whitelist` | | `` | `` | +| `RATELIMIT_STORAGE_URL` | - | Managed by Helm chart | `` | | +| `RECAPTCHA_PRIVATE_KEY` | - | | `` | `` | +| `RECAPTCHA_PUBLIC_KEY` | - | | `` | `` | +| `REAL_IP_FROM` | `ingress.realIpFrom` | | `` | `0.0.0.0/0` | +| `REAL_IP_HEADER` | `ingress.realIpHeader` | | `` | `X-Forwarded-For` | +| `RECIPIENT_DELIMITER` | `recipientDelimiter` | | `` | `+` | +| `REJECT_UNLISTED_RECIPIENT` | - | | `yes` | `yes` | +| `RELAYHOST` | `externalRealy.host` | | `` | `` | +| `RELAYNETS` | `externalRealy.networks` | | `` | `` | +| `ROUNDCUBE_DB_FLAVOR` | - | Managed by Helm chart | `sqlite` | `` | +| `SECRET_KEY` | `secretKey` or `existingSecret` | Auto-generated if not provided or empty | `changeMe` | _auto-generated_ | +| `SESSION_COOKIE_SECURE` | `sessionCookieSecure` | | `None` | `true` | +| `SESSION_KEY_BITS` | - | | `128` | `128` | +| `SESSION_TIMEOUT` | `sessionTimeout` | | `3600` | `3600` | +| `SITENAME` | `customization.siteName` | | `Mailu` | `Mailu` | +| `SQLALCHEMY_DATABASE_URI` | - | | `sqlite:////data/main.db` | `sqlite:////data/main.db` | +| `SQLALCHEMY_TRACK_MODIFICATIONS` | - | | `False` | `false` | +| `SQLITE_DATABASE_FILE` | - | | `data/main.db` | `data/main.db` | +| `STATS_ENDPOINT` | - | | `19.{}.stats.mailu.io` | `19.{}.stats.mailu.io` | +| `SUBNET6` | `subnet6` | _warning: IPv6 support with Kubernetes is untested_ | `None` | `none` | +| `SUBNET` | `subnet` | | `192.168.203.0/24` | `10.42.0.0/16` | +| `TEMPLATES_AUTO_RELOAD` | - | | `True` | `True` | +| `TLS_FLAVOR` | `ingress.tlsFlavorOverride` | | `cert` | `cert` | +| `TLS_PERMISSIVE` | - | | `True` | `True` | +| `TZ` | `timezone` | | `Etc/UTC` | `Etc/UTC` | +| `WEB_ADMIN` | `admin.uri` | | `/admin` | `/admin` | +| `WEBMAIL` | `webmail.type` | | `none` | `roundcube` | +| `WEBSITE` | `customization.website` | | `https://mailu.io` | `https://mailu.io` | +| `WEB_WEBMAIL` | `webmail.uri` | | `/webmail` | `/webmail` | +| `WELCOME` | `welcomeMessage.enabled` | | `False` | `false` | +| `WELCOME_BODY` | `welcomeMessage.body` | | `Dummy welcome body` | `Welcome to Mailu, your new email service. Please change your password and update your profile.` | +| `WELCOME_SUBJECT` | `welcomeMessage.subject` | | `Dummy welcome topic` | `Welcome to Mailu` | +| `WILDCARD_SENDERS` | - | | `` | `` | +| `*_ADDRESS` | - | Auto-generated by Helm chart | `` | `` | diff --git a/charts/mailu/ci/helm-lint-values.yaml b/charts/mailu/ci/helm-lint-values.yaml new file mode 100644 index 0000000..b69e8ee --- /dev/null +++ b/charts/mailu/ci/helm-lint-values.yaml @@ -0,0 +1,160 @@ +hostnames: + - example.com + +domain: example.com + +initialAccount: + enabled: true + username: mailadmin + domain: example.com + password: chang3m3! + +secretKey: chang3m3! + +subnet: 192.168.0.0/16 + +networkPolicy: + enabled: true + +persistence: + single_pvc: false + +postgresql: + enabled: true + postgresqlUsername: mailu + postgresqlPassword: chang3m3! + postgresqlDatabase: mailu + primary: + persistence: + enabled: true + size: 10Gi + resources: + requests: + memory: 500Mi + cpu: 100m + limits: + memory: 500Mi + cpu: 1 + +ingress: + enabled: true + selfSigned: true + annotations: + auth.cluster.arpa/enabled: "false" + +front: + logLevel: INFO + # image: + # tag: master + resources: + requests: + memory: 100Mi + cpu: 100m + limits: + memory: 200Mi + cpu: 200m + +admin: + logLevel: DEBUG + # image: + # tag: master + resources: + requests: + memory: 500Mi + cpu: 100m + limits: + memory: 500Mi + cpu: 1 + +postfix: + logLevel: INFO + # image: + # tag: master + resources: + requests: + memory: 2Gi + cpu: 100m + limits: + memory: 2Gi + cpu: 1 + +dovecot: + logLevel: INFO + # image: + # tag: master + resources: + requests: + memory: 500Mi + cpu: 100m + limits: + memory: 500Mi + cpu: 1 + +rspamd: + logLevel: INFO + # image: + # tag: master + resources: + requests: + memory: 100Mi + cpu: 100m + limits: + memory: 200Mi + cpu: 1 + +clamav: + logLevel: INFO + # image: + # tag: master + resources: + requests: + memory: 1Gi + cpu: 100m + limits: + memory: 2Gi + cpu: 1 + +webmail: + logLevel: INFO + # image: + # tag: master + resources: + requests: + memory: 100Mi + cpu: 100m + limits: + memory: 200Mi + cpu: 1 + +webdav: + logLevel: INFO + image: + tag: master + +fetchmail: + logLevel: INFO + # image: + # tag: master + +redis: + master: + resources: + requests: + memory: 500Mi + cpu: 100m + limits: + memory: 500Mi + cpu: 1 + +tika: + enabled: true + languages: + - en + - fr + +oletools: + enabled: true + +api: + enabled: true + token: chang3m3! diff --git a/charts/mailu/linter_values.yaml b/charts/mailu/linter_values.yaml new file mode 100644 index 0000000..f192093 --- /dev/null +++ b/charts/mailu/linter_values.yaml @@ -0,0 +1 @@ +ci/helm-lint-values.yaml \ No newline at end of file diff --git a/charts/mailu/templates/NOTES.txt b/charts/mailu/templates/NOTES.txt new file mode 100644 index 0000000..162e859 --- /dev/null +++ b/charts/mailu/templates/NOTES.txt @@ -0,0 +1,38 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +After all services are running, your mail system is reachable under + + https://{{ .Values.hostnames|first }} + +{{- if .Values.initialAccount.enabled }} + +You can login to the admin panel using the following initial credentials (if not changed yet): + + https://{{ .Values.hostnames|first }}/admin + + Username: {{ .Values.initialAccount.username }}@{{ .Values.initialAccount.domain }} + + The password can be retrieved in the '{{ include "mailu.initialAccount.secretName" . }}' secret. + To retrieve the password, run: + + kubectl --namespace={{ .Release.Namespace }} get secrets {{ include "mailu.initialAccount.secretName" . }} -o jsonpath='{.data.{{ include "mailu.initialAccount.secretKey" . }}}' | base64 --decode + + !!! Please change the password after 1st login !!! + +{{- else }} + +After you created an initial admin login (see docs), you can login to the admin panel at + + https://{{ .Values.hostnames|first }}/admin + +{{- end }} + +!!! Please make sure you read and understand the warning about open relays in the README.md !!! + +If you're upgrading from Mailu < 2024.06, please read this: https://mailu.io/2024.06/releases.html#after-upgrading + +{{ include "mailu.validateValues" . }} diff --git a/charts/mailu/templates/_claims.tpl b/charts/mailu/templates/_claims.tpl new file mode 100644 index 0000000..62b57cc --- /dev/null +++ b/charts/mailu/templates/_claims.tpl @@ -0,0 +1,34 @@ +{{/* Admin pod persistent volume claim name */}} +{{ define "mailu.admin.claimName" }} +{{- .Values.persistence.single_pvc | ternary (include "mailu.claimName" .) .Values.admin.persistence.claimNameOverride | default (printf "%s-admin" (include "mailu.fullname" .)) -}} +{{- end -}} + +{{/* Dovecot pod persistent volume claim name */}} +{{ define "mailu.dovecot.claimName" }} +{{- .Values.persistence.single_pvc | ternary (include "mailu.claimName" .) .Values.dovecot.persistence.claimNameOverride | default (printf "%s-dovecot" (include "mailu.fullname" .)) -}} +{{- end -}} + +{{/* Postfix pod persistent volume claim name */}} +{{ define "mailu.postfix.claimName" }} +{{- .Values.persistence.single_pvc | ternary (include "mailu.claimName" .) .Values.postfix.persistence.claimNameOverride | default (printf "%s-postfix" (include "mailu.fullname" .)) -}} +{{- end -}} + +{{/* Rspamd pod persistent volume claim name */}} +{{ define "mailu.rspamd.claimName" }} +{{- .Values.persistence.single_pvc | ternary (include "mailu.claimName" .) .Values.rspamd.persistence.claimNameOverride | default (printf "%s-rspamd" (include "mailu.fullname" .)) -}} +{{- end -}} + +{{/* Roundcube pod persistent volume claim name */}} +{{ define "mailu.webmail.claimName" }} +{{- .Values.persistence.single_pvc | ternary (include "mailu.claimName" .) .Values.webmail.persistence.claimNameOverride | default (printf "%s-webmail" (include "mailu.fullname" .)) -}} +{{- end -}} + +{{/* Fetchmail pod persistent volume claim name */}} +{{ define "mailu.fetchmail.claimName" }} +{{- .Values.persistence.single_pvc | ternary (include "mailu.claimName" .) .Values.fetchmail.persistence.claimNameOverride | default (printf "%s-fetchmail" (include "mailu.fullname" .)) -}} +{{- end -}} + +{{/* Webdav pod persistent volume claim name */}} +{{ define "mailu.webdav.claimName" }} +{{- .Values.persistence.single_pvc | ternary (include "mailu.claimName" .) .Values.webdav.persistence.claimNameOverride | default (printf "%s-webdav" (include "mailu.fullname" .)) -}} +{{- end -}} diff --git a/charts/mailu/templates/_database.tpl b/charts/mailu/templates/_database.tpl new file mode 100644 index 0000000..d029779 --- /dev/null +++ b/charts/mailu/templates/_database.tpl @@ -0,0 +1,162 @@ +{{/* Returns the database type (sqlite/mysql/postgresql) */}} +{{- define "mailu.database.type" -}} +{{- if or .Values.postgresql.enabled (and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "postgresql")) -}} + {{- print "postgresql" }} +{{- else if or .Values.mariadb.enabled (and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "mysql")) -}} + {{- print "mysql" }} +{{- else if not .Values.externalDatabase.enabled -}} + {{- print "sqlite" }} +{{- else -}} + {{ fail "Invalid database type. Use correct database type (mysql/postgresql) if using external database." }} +{{- end -}} +{{- end -}} + +{{/* Returns the database hostname */}} +{{- define "mailu.database.host" -}} +{{- if .Values.mariadb.enabled -}} + {{- template "mariadb.primary.fullname" .Subcharts.mariadb -}} +{{- else if .Values.postgresql.enabled -}} + {{- template "postgresql.primary.fullname" .Subcharts.postgresql -}} +{{- else if .Values.externalDatabase.enabled -}} + {{- .Values.externalDatabase.host -}} +{{- end -}} +{{- end -}} + +{{/* Return the database port */}} +{{- define "mailu.database.port" -}} +{{- if .Values.mariadb.enabled -}} + {{- print "3306" -}} +{{- else if .Values.postgresql.enabled -}} + {{- print "5432" -}} +{{- else -}} + {{- .Values.externalDatabase.port -}} +{{- end -}} +{{- end -}} + +{{/* Return the database name for Mailu */}} +{{- define "mailu.database.name" -}} +{{- if .Values.mariadb.enabled -}} + {{- .Values.mariadb.auth.database | quote -}} +{{- else if .Values.postgresql.enabled -}} + {{- if .Values.global.postgresql -}} + {{- if .Values.global.postgresql.auth -}} + {{- coalesce .Values.global.postgresql.auth.database .Values.postgresql.auth.database | quote -}} + {{- else -}} + {{- .Values.postgresql.auth.database | quote -}} + {{- end -}} + {{- else -}} + {{- .Values.postgresql.auth.database | quote -}} + {{- end -}} +{{- else -}} + {{- (include "mailu.database.external.database" .) | quote }} +{{- end -}} +{{- end -}} + +{{/* Return the database username for Mailu */}} +{{- define "mailu.database.username" -}} +{{- if .Values.mariadb.enabled -}} + {{- .Values.mariadb.auth.username | quote }} +{{- else if .Values.postgresql.enabled -}} + {{- if .Values.global.postgresql }} + {{- if .Values.global.postgresql.auth }} + {{- coalesce .Values.global.postgresql.auth.username .Values.postgresql.auth.username | quote -}} + {{- else -}} + {{- .Values.postgresql.auth.username | quote -}} + {{- end -}} + {{- else -}} + {{- .Values.postgresql.auth.username | quote -}} + {{- end -}} +{{- else }} + {{- (include "mailu.database.external.username" .) | quote }} +{{- end -}} +{{- end -}} + +{{/* Return the name of the secret for the external database */}} +{{- define "mailu.database.external.secretName" -}} +{{ include "common.secrets.name" (dict "existingSecret" .Values.externalDatabase.existingSecret "defaultNameSuffix" "externaldb" "context" .) }} +{{- end -}} + +{{/* Return the name of the external database */}} +{{- define "mailu.database.external.database" -}} +{{ (include "common.secrets.lookup" (dict "secret" (include "mailu.database.external.secretName" .) "key" .Values.externalDatabase.existingSecretDatabaseKey "defaultValue" .Values.externalDatabase.database "context" .)) | toString | b64dec }} +{{- end -}} + +{{/* Return the username of the external database */}} +{{- define "mailu.database.external.username" -}} +{{ (include "common.secrets.lookup" (dict "secret" (include "mailu.database.external.secretName" .) "key" .Values.externalDatabase.existingSecretUsernameKey "defaultValue" .Values.externalDatabase.username "context" .)) | toString | b64dec }} +{{- end -}} + +{{/* Return the password of the external database */}} +{{- define "mailu.database.external.password" -}} +{{ (include "common.secrets.lookup" (dict "secret" (include "mailu.database.external.secretName" .) "key" .Values.externalDatabase.existingSecretPasswordKey "defaultValue" .Values.externalDatabase.password "context" .)) | toString | b64dec }} +{{- end -}} + +{{/* Return the name of the mailu database secret with its credentials */}} +{{- define "mailu.database.secretName" -}} +{{- if .Values.mariadb.enabled -}} + {{- template "mariadb.secretName" .Subcharts.mariadb -}} +{{- else if .Values.postgresql.enabled -}} + {{- template "postgresql.secretName" .Subcharts.postgresql -}} +{{- else if ne (include "mailu.database.type" .) "sqlite" -}} + {{- if .Values.externalDatabase.enabled -}} + {{- include "mailu.database.external.secretName" . -}} + {{- end -}} +{{- else -}} + {{- print "" -}} +{{- end -}} +{{- end -}} + +{{/* Return the database password key */}} +{{- define "mailu.database.secretKey" -}} +{{- if .Values.mariadb.enabled -}} + {{- print "mariadb-password" -}} +{{- else if .Values.postgresql.enabled -}} + {{- print "password" -}} +{{- else -}} + {{- if .Values.externalDatabase.enabled -}} + {{- .Values.externalDatabase.existingSecretPasswordKey -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* Return the database name for Roundcube */}} +{{- define "mailu.database.roundcube.name" -}} +{{- .Values.global.database.roundcube.database | quote }} +{{- end -}} + +{{/* Return the database username for Roundcube */}} +{{- define "mailu.database.roundcube.username" -}} +{{- .Values.global.database.roundcube.username | quote }} +{{- end -}} + +{{/* Return the database password for Roundcube */}} +{{- define "mailu.database.roundcube.password" -}} +{{- include "common.secrets.passwords.manage" (dict "secret" (include "mailu.database.roundcube.secretName" .) "key" (include "mailu.database.roundcube.secretKey" .) "providedValues" (list "global.database.roundcube.password" "database.mysql.roundcubePassword" "database.postgresql.roundcubePassword") "length" 10 "strong" true "context" .) }} +{{- end -}} + +{{/* Return the name of the roundcube database secret */}} +{{- define "mailu.database.roundcube.secretName" -}} +{{- if .Values.global.database.roundcube.existingSecret -}} + {{- .Values.global.database.roundcube.existingSecret }} +{{- else -}} + {{- print "mailu-roundcube" }} +{{- end -}} +{{- end -}} + +{{- define "mariadb.mailu.database.roundcube.secretName" -}} +{{- include "mailu.database.roundcube.secretName" -}} +{{- end -}} + + +{{/* Return the roundcube database password key */}} +{{- define "mailu.database.roundcube.secretKey" -}} +{{- if .Values.global.database.roundcube.existingSecret -}} + {{- if .Values.global.database.roundcube.existingSecretPasswordKey -}} + {{- .Values.global.database.roundcube.existingSecretPasswordKey }} + {{- else -}} + {{- print "roundcube-db-password" }} + {{- end -}} +{{- else -}} + {{- print "roundcube-db-password" }} +{{- end -}} +{{- end -}} diff --git a/charts/mailu/templates/_helpers.tpl b/charts/mailu/templates/_helpers.tpl new file mode 100644 index 0000000..34a96c3 --- /dev/null +++ b/charts/mailu/templates/_helpers.tpl @@ -0,0 +1,210 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "mailu.name" -}} +{{- include "common.names.name" . -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "mailu.fullname" -}} +{{- include "common.names.fullname" . -}} +{{- end -}} + +{{/* +Create the claimName: existingClaim if provided, otherwise claimNameOverride if provided, otherwise mailu-storage (or other fullname if overriden) +*/}} +{{- define "mailu.claimName" -}} +{{- if .Values.persistence.existingClaim -}} +{{- .Values.persistence.existingClaim -}} +{{- else if .Values.persistence.claimNameOverride -}} +{{- .Values.persistence.claimNameOverride -}} +{{- else -}} +{{ include "mailu.fullname" . }}-storage +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "mailu.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Mailu version. If Values.mailuVersion is not set, using Chart.AppVersion +*/}} +{{- define "mailu.version" -}} +{{- if .Values.mailuVersion -}} +{{- .Values.mailuVersion -}} +{{- else -}} +{{- .Chart.AppVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Get the cluster domain name or default to cluster.local +*/}} +{{- define "mailu.clusterDomain" -}} +{{- if .Values.clusterDomain -}} + {{- .Values.clusterDomain -}} +{{- else -}} + {{- print "cluster.local" -}} +{{- end -}} +{{- end -}} + +{{/* +Get MailU domain name or throw an error if not set +*/}} +{{- define "mailu.domain" -}} +{{- if .Values.domain -}} + {{- .Values.domain -}} +{{- else -}} + {{- fail "You must set a domain name for Mailu (`domain:`)" -}} +{{- end -}} +{{- end -}} + +{{/* Get the MailU TLS Flavor */}} +{{- define "mailu.tlsFlavor" -}} +{{- if .Values.ingress.tlsFlavorOverride -}} +{{- .Values.ingress.tlsFlavorOverride -}} +{{- else -}} + {{- if .Values.ingress.tls -}} + {{- print "cert" -}} + {{- else -}} + {{- print "notls" -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Helper function to get the correct admin port. +Change was made in Mailu 2.0.22 and the port was switched from 80 to 8080. +This is for retro-compatibility purposes. +We need to perform some error handling in case the version provided is not a valid semver. +Only "master" is allowed to be used as a version other than the semver notation. +*/}} +{{- define "mailu.admin.port" -}} +{{- $semverRegex := `^v?(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)(?:-[\da-zA-Z-]+(?:\.[\da-zA-Z-]+)*)?(?:\+[\da-zA-Z-]+(?:\.[\da-zA-Z-]+)*)?$` -}} +{{- $version := (default (include "mailu.version" .) .Values.admin.image.tag) -}} +{{- if mustRegexMatch $semverRegex $version -}} + {{- if semverCompare "<2.0.22" $version -}} + {{- print "80" -}} + {{- else -}} + {{- print "8080" -}} + {{- end -}} +{{- else -}} + {{- print "8080" -}} +{{- end -}} +{{- end -}} + +{{/* Check for deprecated values and raise an error if found (upgrade to v1.0.0) */}} +{{- define "mailu.validateValues.deprecated" -}} +{{- $oldValues := list -}} +{{- $test := "" -}} + +{{- if or .Values.database.type .Values.database.roundcubeType -}} +{{- $oldValues = append $oldValues "database" -}} +{{- end -}} + +{{- if kindIs "map" .Values.mail -}} +{{- $oldValues = append $oldValues "mail" -}} +{{- end -}} + +{{- if kindIs "map" .Values.certmanager -}} +{{- $oldValues = append $oldValues "certmanager" -}} +{{- end -}} + +{{- if .Values.front.externalService.pop3 -}} +{{- $oldValues = append $oldValues "front.externalService.pop3" -}} +{{- end -}} + +{{- if .Values.front.externalService.imap -}} +{{- $oldValues = append $oldValues "front.externalService.imap" -}} +{{- end -}} + +{{- if .Values.front.externalService.smtp -}} +{{- $oldValues = append $oldValues "front.externalService.smtp" -}} +{{- end -}} + +{{- if .Values.front.controller -}} + {{- if .Values.front.controller.kind -}} + {{- $oldValues = append $oldValues "front.controller.kind" -}} + {{- end -}} +{{- end -}} + +{{- if .Values.ingress.tlsFlavor -}} +{{- $oldValues = append $oldValues "ingress.tlsFlavor" -}} +{{- end -}} + +{{- if .Values.ingress.externalIngress -}} +{{- $oldValues = append $oldValues "ingress.externalIngress" -}} +{{- end -}} + +{{- $oldValues := without $oldValues "" -}} +{{- $oldValue := join "\n" $oldValues -}} +{{- if $oldValues -}} +Deprecated configuration keys found in Values: + {{- range $oldValues -}} + {{- printf "\n - `%s`" . -}} + {{- end }} +Are you upgrading from a version < 1.0.0? +Please read the upgrade guide at XXX. +{{- end -}} +{{- end -}} + + +{{/* Compile all warnings into a single message, and call fail. */}} +{{- define "mailu.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "mailu.validateValues.deprecated" .) -}} +{{- $messages := append $messages (include "mailu.validateValues.domain" .) -}} +{{- $messages := append $messages (include "mailu.validateValues.tika" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + + +{{/* Validate values - 'domain' needs to be set */}} +{{- define "mailu.validateValues.domain" -}} +{{- if not .Values.domain }} +mailu: domain + You need to set the domain to be used +{{- end -}} +{{- end -}} + +{{/* Check if .Values.tika.enabled and .Values.tika.languages is a non-empty array. +If .Values.tika.enabled is false, then mailu.fullTextSearch should be "off". +If .Values.tika.enabled is true, and .Values.tika.languages is an empty array, throw an error. +If .Values.tika.enabled is true, and .Values.tika.languages is a non-empty array, then mailu.fullTextSearch should be all languages joined by a comma. +*/}} +{{- define "mailu.validateValues.tika" -}} +{{- if .Values.tika.enabled -}} +{{/* Check if .Values.tika.languages is an empty array */}} +{{- if not .Values.tika.languages -}} +mailu: tika + Tika is enabled but no languages are set (tika.enabled = true, tika.languages = []) + You need to set at least one language for Tika in tika.languages +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Check if .Values.tika.enabled is false or a comma-separated list of languages in .Values.tika.languages */}} +{{- define "mailu.fullTextSearch" -}} +{{- if .Values.tika.enabled -}} + {{- if not .Values.tika.languages -}} + {{- print "off" -}} + {{- else -}} + {{- join "," .Values.tika.languages -}} + {{- end -}} +{{- else -}} + {{- print "off" -}} +{{- end -}} +{{- end -}} diff --git a/charts/mailu/templates/_secrets.tpl b/charts/mailu/templates/_secrets.tpl new file mode 100644 index 0000000..2820c72 --- /dev/null +++ b/charts/mailu/templates/_secrets.tpl @@ -0,0 +1,118 @@ + +{{/* Return mailu secretKey */}} +{{- define "mailu.secretKey" -}} +{{- include "common.secrets.passwords.manage" (dict "secret" (include "mailu.secretName" .) "key" "secret-key" "providedValues" (list "secretKey") "length" 10 "strong" true "context" .) }} +{{- end -}} + +{{/* Get the mailu secret name. */}} +{{- define "mailu.secretName" -}} +{{- include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "defaultNameSuffix" "secret" "context" .) }} +{{- end -}} + +{{/* Return mailu initialAccount.password */}} +{{- define "mailu.initialAccount.password" -}} +{{- include "common.secrets.passwords.manage" (dict "secret" (include "mailu.initialAccount.secretName" .) "key" (include "mailu.initialAccount.secretKey" .) "providedValues" (list "initialAccount.password") "length" 10 "strong" true "context" .) }} +{{- end -}} + +{{/* Returns the mailu initialAccount secret name */}} +{{- define "mailu.initialAccount.secretName" -}} +{{- include "common.secrets.name" (dict "existingSecret" .Values.initialAccount.existingSecret "defaultNameSuffix" "initial-account" "context" .) }} +{{- end -}} + +{{/* Returns the mailu initialAccount key that contains the password in the secret */}} +{{- define "mailu.initialAccount.secretKey" -}} +{{ if .Values.initialAccount.existingSecretPasswordKey }} +{{- .Values.initialAccount.existingSecretPasswordKey -}} +{{- else -}} +{{- print "initial-account-password" -}} +{{- end -}} +{{- end -}} + +{{/* Get the certificates secret name */}} +{{- define "mailu.certificatesSecretName" -}} +{{- include "common.secrets.name" (dict "existingSecret" .Values.ingress.existingSecret "defaultNameSuffix" "certificates" "context" .) }} +{{- end -}} + +{{/* Get the mailu externalRelay secret */}} +{{- define "mailu.externalRelay.secretName" -}} +{{- include "common.secrets.name" (dict "existingSecret" .Values.externalRelay.existingSecret "defaultNameSuffix" "external-relay" "context" .) }} +{{- end -}} + +{{/* Get the mailu externalRelay username value */}} +{{- define "mailu.externalRelay.username" -}} +{{- include "common.secrets.passwords.manage" (dict "secret" (include "mailu.externalRelay.secretName" .) "key" .Values.externalRelay.usernameKey "providedValues" (list "externalRelay.username") "length" 10 "strong" false "context" .) }} +{{- end -}} + +{{/* Get the mailu externalRelay password value */}} +{{- define "mailu.externalRelay.password" -}} +{{- include "common.secrets.passwords.manage" (dict "secret" (include "mailu.externalRelay.secretName" .) "key" .Values.externalRelay.passwordKey "providedValues" (list "externalRelay.password") "length" 24 "strong" true "context" .) }} +{{- end -}} + + +{{/* Return mailu api.token */}} +{{- define "mailu.api.token" -}} +{{- include "common.secrets.passwords.manage" (dict "secret" (include "mailu.api.secretName" .) "key" (include "mailu.api.secretKey" .) "providedValues" (list "api.token") "length" 16 "strong" true "context" .) }} +{{- end -}} + +{{/* Returns the mailu api secret name */}} +{{- define "mailu.api.secretName" -}} +{{- include "common.secrets.name" (dict "existingSecret" .Values.api.existingSecret "defaultNameSuffix" "api" "context" .) }} +{{- end -}} + +{{/* Returns the mailu api key that contains the token in the secret */}} +{{- define "mailu.api.secretKey" -}} +{{ if .Values.api.existingSecretTokenKey }} +{{- .Values.api.existingSecretTokenKey -}} +{{- else -}} +{{- print "api-token" -}} +{{- end -}} +{{- end -}} + +{{/* Get the mailu env vars secrets */}} +{{- define "mailu.envvars.secrets" -}} +- name: SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ template "mailu.secretName" . }} + key: secret-key +{{- if .Values.initialAccount.enabled }} +- name: INITIAL_ADMIN_PW + valueFrom: + secretKeyRef: + name: {{ include "mailu.initialAccount.secretName" . }} + key: {{ include "mailu.initialAccount.secretKey" . }} +{{- end }} +{{- if not (eq (include "mailu.database.type" .) "sqlite") }} +- name: DB_PW + valueFrom: + secretKeyRef: + name: {{ include "mailu.database.secretName" . }} + key: {{ include "mailu.database.secretKey" . }} +{{- end }} +{{- if .Values.webmail.enabled }} +- name: ROUNDCUBE_DB_PW + valueFrom: + secretKeyRef: + name: {{ include "mailu.database.roundcube.secretName" . }} + key: {{ include "mailu.database.roundcube.secretKey" . }} +{{- end }} +{{- if .Values.externalRelay.host }} +- name: RELAYUSER + valueFrom: + secretKeyRef: + name: {{ include "mailu.externalRelay.secretName" . }} + key: {{ .Values.externalRelay.usernameKey }} +- name: RELAYPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mailu.externalRelay.secretName" . }} + key: {{ .Values.externalRelay.passwordKey }} +{{- end }} +{{- if .Values.api.enabled }} +- name: API_TOKEN + valueFrom: + secretKeyRef: + name: {{ include "mailu.api.secretName" . }} + key: {{ include "mailu.api.secretKey" . }} +{{- end }} +{{- end -}} diff --git a/charts/mailu/templates/_services.tpl b/charts/mailu/templates/_services.tpl new file mode 100644 index 0000000..bdb405e --- /dev/null +++ b/charts/mailu/templates/_services.tpl @@ -0,0 +1,254 @@ +{{/* +Mailu services: +- admin +- clamav +- dovecot +- fetchmail +- front +- postfix +- redis +- webmail +- rspamd +- webdav +- oletools +- tika + +Service name can be retrieved with `mailu.SERVICE.serviceName` +Service fqdn (within cluster) can be retrieved with `mailu.SERVICE.serviceFqdn` +*/}} + +{{/* Returns admin internal service name. */}} +{{- define "mailu.admin.serviceName" -}} +{{- printf "%s-admin" (include "mailu.fullname" .) -}} +{{- end -}} +{{/* Returns admin internal service fqdn. */}} +{{- define "mailu.admin.serviceFqdn" -}} +{{- printf "%s.%s.svc.%s" (include "mailu.admin.serviceName" . ) (include "common.names.namespace" . ) (include "mailu.clusterDomain" . ) -}} +{{- end -}} + +{{/* Returns clamav internal service name. */}} +{{- define "mailu.clamav.serviceName" -}} +{{- printf "%s-clamav" (include "mailu.fullname" .) -}} +{{- end -}} +{{/* Returns clamav internal service fqdn. */}} +{{- define "mailu.clamav.serviceFqdn" -}} +{{- printf "%s.%s.svc.%s" (include "mailu.clamav.serviceName" . ) (include "common.names.namespace" . ) (include "mailu.clusterDomain" . ) -}} +{{- end -}} +{{/* Returns clamav internal headless service name. */}} +{{- define "mailu.clamav.serviceNameHeadless" -}} +{{- printf "%s-headless" (include "mailu.clamav.serviceName" .) -}} +{{- end -}} + +{{/* Returns dovecot internal service name. */}} +{{- define "mailu.dovecot.serviceName" -}} +{{- printf "%s-dovecot" (include "mailu.fullname" .) -}} +{{- end -}} +{{/* Returns dovecot internal service fqdn. */}} +{{- define "mailu.dovecot.serviceFqdn" -}} +{{- printf "%s.%s.svc.%s" (include "mailu.dovecot.serviceName" . ) (include "common.names.namespace" . ) (include "mailu.clusterDomain" . ) -}} +{{- end -}} + +{{/* Returns fetchmail internal service name. */}} +{{- define "mailu.fetchmail.serviceName" -}} +{{- printf "%s-fetchmail" (include "mailu.fullname" .) -}} +{{- end -}} +{{/* Returns fetchmail internal service fqdn. */}} +{{- define "mailu.fetchmail.serviceFqdn" -}} +{{- printf "%s.%s.svc.%s" (include "mailu.fetchmail.serviceName" . ) (include "common.names.namespace" . ) (include "mailu.clusterDomain" . ) -}} +{{- end -}} + +{{/* Returns front internal service name. */}} +{{- define "mailu.front.serviceName" -}} +{{- printf "%s-front" (include "mailu.fullname" .) -}} +{{- end -}} +{{/* Returns front internal service fqdn. */}} +{{- define "mailu.front.serviceFqdn" -}} +{{- printf "%s.%s.svc.%s" (include "mailu.front.serviceName" . ) (include "common.names.namespace" . ) (include "mailu.clusterDomain" . ) -}} +{{- end -}} + +{{/* Returns postfix internal service name. */}} +{{- define "mailu.postfix.serviceName" -}} +{{- printf "%s-postfix" (include "mailu.fullname" .) -}} +{{- end -}} +{{/* Returns postfix internal service fqdn. */}} +{{- define "mailu.postfix.serviceFqdn" -}} +{{- printf "%s.%s.svc.%s" (include "mailu.postfix.serviceName" . ) (include "common.names.namespace" . ) (include "mailu.clusterDomain" . ) -}} +{{- end -}} + +{{/* Returns redis internal service name. */}} +{{- define "mailu.redis.serviceName" -}} +{{- printf "%s-master" (include "common.names.dependency.fullname" (dict "chartName" "redis" "chartValues" .Values.redis "context" $)) -}} +{{- end -}} +{{/* Returns redis service fqdn. */}} +{{- define "mailu.redis.serviceFqdn" -}} +{{- if .Values.externalRedis.enabled -}} + {{- if not .Values.externalRedis.host -}} + {{- fail "externalRedis.host must be set when externalRedis.enabled is true" -}} + {{- else -}} + {{- printf "%s" .Values.externalRedis.host -}} + {{- end -}} +{{- else -}} + {{- printf "%s.%s.svc.%s" (include "mailu.redis.serviceName" . ) (include "common.names.namespace" . ) (include "mailu.clusterDomain" . ) -}} +{{- end -}} +{{- end -}} +{{/* Returns redis port */}} +{{- define "mailu.redis.port" -}} +{{- if .Values.externalRedis.enabled -}} + {{- if not .Values.externalRedis.port -}} + {{- fail "externalRedis.port must be set when externalRedis.enabled is true" -}} + {{- else -}} + {{- printf "%d" (.Values.externalRedis.port | int) -}} + {{- end -}} +{{- else -}} + {{- printf "6379" -}} +{{- end -}} +{{- end -}} +{{/* Returns Redis database ID for the quota storage on the admin pod */}} +{{- define "mailu.redis.db.adminQuota" -}} +{{- if .Values.externalRedis.enabled -}} + {{- printf "%d" (.Values.externalRedis.adminQuotaDbId | int) -}} +{{- else -}} + {{- printf "1" -}} +{{- end -}} +{{- end -}} +{{/* Returns Redis database ID for the rate limit storage on the admin pod */}} +{{- define "mailu.redis.db.rateLimit" -}} +{{- if .Values.externalRedis.enabled -}} + {{- printf "%d" (.Values.externalRedis.adminRateLimitDbId | int) -}} +{{- else -}} + {{- printf "2" -}} +{{- end -}} +{{- end -}} + + +{{/* Returns webmail internal service name. */}} +{{- define "mailu.webmail.serviceName" -}} +{{- printf "%s-webmail" (include "mailu.fullname" .) -}} +{{- end -}} +{{/* Returns webmail internal service fqdn. */}} +{{- define "mailu.webmail.serviceFqdn" -}} +{{- printf "%s.%s.svc.%s" (include "mailu.webmail.serviceName" . ) (include "common.names.namespace" . ) (include "mailu.clusterDomain" . ) -}} +{{- end -}} + +{{/* Returns rspamd internal service name. */}} +{{- define "mailu.rspamd.serviceName" -}} +{{- printf "%s-rspamd" (include "mailu.fullname" .) -}} +{{- end -}} +{{/* Returns rspamd internal service fqdn. */}} +{{- define "mailu.rspamd.serviceFqdn" -}} +{{- printf "%s.%s.svc.%s" (include "mailu.rspamd.serviceName" . ) (include "common.names.namespace" . ) (include "mailu.clusterDomain" . ) -}} +{{- end -}} + +{{/* Returns webdav internal service name. */}} +{{- define "mailu.webdav.serviceName" -}} +{{- printf "%s-webdav" (include "mailu.fullname" .) -}} +{{- end -}} +{{/* Returns webdav internal service fqdn. */}} +{{- define "mailu.webdav.serviceFqdn" -}} +{{- printf "%s.%s.svc.%s" (include "mailu.webdav.serviceName" . ) (include "common.names.namespace" . ) (include "mailu.clusterDomain" . ) -}} +{{- end -}} + + +{{/* Returns oletools internal service name. */}} +{{- define "mailu.oletools.serviceName" -}} +{{- printf "%s-oletools" (include "mailu.fullname" .) -}} +{{- end -}} +{{/* Returns oletools internal service fqdn. */}} +{{- define "mailu.oletools.serviceFqdn" -}} +{{- printf "%s.%s.svc.%s" (include "mailu.oletools.serviceName" . ) (include "common.names.namespace" . ) (include "mailu.clusterDomain" . ) -}} +{{- end -}} + +{{/* Returns tika internal service name. */}} +{{- define "mailu.tika.serviceName" -}} +{{- printf "%s-tika" (include "mailu.fullname" .) -}} +{{- end -}} +{{/* Returns tika internal service fqdn. */}} +{{- define "mailu.tika.serviceFqdn" -}} +{{- printf "%s.%s.svc.%s" (include "mailu.tika.serviceName" . ) (include "common.names.namespace" . ) (include "mailu.clusterDomain" . ) -}} +{{- end -}} + + +{{/* Combine the enabled ports that should be exposed into a comma-separated string */}} +{{- define "mailu.enabledPorts" -}} +{{- $enabledPorts := list -}} + +{{- if .Values.ingress.enabled -}} + {{- $enabledPorts = append $enabledPorts "80" -}} + {{- $enabledPorts = append $enabledPorts "443" -}} +{{- end -}} + +{{- if .Values.front.externalService.enabled -}} + {{- if .Values.front.externalService.ports.pop3 -}} + {{- $enabledPorts = append $enabledPorts "110" -}} + {{- end -}} + {{- if .Values.front.externalService.ports.pop3s -}} + {{- $enabledPorts = append $enabledPorts "995" -}} + {{- end -}} + {{- if .Values.front.externalService.ports.imap -}} + {{- $enabledPorts = append $enabledPorts "143" -}} + {{- end -}} + {{- if .Values.front.externalService.ports.imaps -}} + {{- $enabledPorts = append $enabledPorts "993" -}} + {{- end -}} + {{- if .Values.front.externalService.ports.smtp -}} + {{- $enabledPorts = append $enabledPorts "25" -}} + {{- end -}} + {{- if .Values.front.externalService.ports.smtps -}} + {{- $enabledPorts = append $enabledPorts "465" -}} + {{- end -}} + {{- if .Values.front.externalService.ports.submission -}} + {{- $enabledPorts = append $enabledPorts "587" -}} + {{- end -}} + {{- if .Values.front.externalService.ports.manageSieve -}} + {{- $enabledPorts = append $enabledPorts "4190" -}} + {{- end -}} +{{- end -}} + +{{- $enabledPortsString := join "," $enabledPorts -}} +{{- printf "%s" $enabledPortsString -}} +{{- end -}} + +{{/* Combine the ports for which PROXY protocol should be enabled into a comma-separated string */}} +{{- define "mailu.proxyProtocolPorts" -}} +{{- $proxyProtocolPorts := list -}} + +{{- if .Values.front.externalService.enabled -}} + {{- if .Values.front.externalService.ports.pop3 -}} + {{- $proxyProtocolPorts = append $proxyProtocolPorts "110" -}} + {{- end -}} + {{- if .Values.front.externalService.ports.pop3s -}} + {{- $proxyProtocolPorts = append $proxyProtocolPorts "995" -}} + {{- end -}} + {{- if .Values.front.externalService.ports.imap -}} + {{- $proxyProtocolPorts = append $proxyProtocolPorts "143" -}} + {{- end -}} + {{- if .Values.front.externalService.ports.imaps -}} + {{- $proxyProtocolPorts = append $proxyProtocolPorts "993" -}} + {{- end -}} + {{- if .Values.front.externalService.ports.smtp -}} + {{- $proxyProtocolPorts = append $proxyProtocolPorts "25" -}} + {{- end -}} + {{- if .Values.front.externalService.ports.smtps -}} + {{- $proxyProtocolPorts = append $proxyProtocolPorts "465" -}} + {{- end -}} + {{- if .Values.front.externalService.ports.submission -}} + {{- $proxyProtocolPorts = append $proxyProtocolPorts "587" -}} + {{- end -}} + {{- if .Values.front.externalService.ports.manageSieve -}} + {{- $proxyProtocolPorts = append $proxyProtocolPorts "4190" -}} + {{- end -}} +{{- end -}} + +{{- $proxyProtocolPortsString := join "," $proxyProtocolPorts -}} +{{/* if any ports are enabled and .front.realIpFrom is empty, fail */}} +{{- if and (gt (len $proxyProtocolPorts) 0) (not .Values.front.realIpFrom) -}} + {{- fail "PROXY protocol is enabled for some ports, but front.realIpFrom is not set" -}} +{{- end -}} + +{{/* if any ports are enabled and .front.realIpHeader is set, fail */}} +{{- if and (gt (len $proxyProtocolPorts) 0) .Values.front.realIpHeader -}} + {{- fail "PROXY protocol is enabled for some ports, but front.realIpHeader is set" -}} +{{- end -}} + +{{- printf "%s" $proxyProtocolPortsString -}} +{{- end -}} diff --git a/charts/mailu/templates/admin/deployment.yaml b/charts/mailu/templates/admin/deployment.yaml new file mode 100644 index 0000000..9c44c6b --- /dev/null +++ b/charts/mailu/templates/admin/deployment.yaml @@ -0,0 +1,141 @@ +--- +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ printf "%s-admin" (include "mailu.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: admin + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + {{- if .Values.admin.updateStrategy }} + strategy: {{- toYaml .Values.admin.updateStrategy | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.admin.revisionHistoryLimit }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: admin + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: admin + {{- if .Values.admin.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.admin.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.admin.podAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.admin.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- include "common.images.pullSecrets" (dict "images" (list .Values.admin.image) "global" .Values.global) | nindent 6 }} + {{- if .Values.admin.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.admin.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.admin.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.admin.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.admin.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.admin.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.admin.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.admin.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.admin.priorityClassName }} + priorityClassName: {{ .Values.admin.priorityClassName | quote }} + {{- end }} + {{- if .Values.admin.schedulerName }} + schedulerName: {{ .Values.admin.schedulerName | quote }} + {{- end }} + {{- if .Values.admin.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.admin.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.admin.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.admin.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.admin.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.admin.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.admin.podSecurityContext.enabled }} + securityContext: {{- omit .Values.admin.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: admin + image: {{ .Values.imageRegistry }}/{{ .Values.admin.image.repository }}:{{ default (include "mailu.version" .) .Values.admin.image.tag }} + imagePullPolicy: {{ .Values.admin.image.pullPolicy }} + {{- if .Values.admin.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.admin.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + subPath: admin + mountPath: /data + - name: data + mountPath: /dkim + subPath: dkim + {{- if .Values.admin.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.admin.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + env: + - name: LOG_LEVEL + value: {{ default .Values.logLevel .Values.admin.logLevel }} + - name: QUOTA_STORAGE_URL + value: {{ printf "redis://%s:%s/%s" (include "mailu.redis.serviceFqdn" .) (include "mailu.redis.port" .) (include "mailu.redis.db.adminQuota" .) }} + {{- tpl (include "mailu.envvars.secrets" .) $ | nindent 12 }} + {{- if .Values.admin.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.admin.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + - configMapRef: + name: {{ printf "%s-envvars" (include "mailu.fullname" .) }} + {{- if .Values.admin.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.admin.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.admin.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.admin.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: http + containerPort: {{ int (include "mailu.admin.port" .) }} + protocol: TCP + {{- if .Values.admin.resources }} + resources: {{- toYaml .Values.admin.resources | nindent 12 }} + {{- end }} + {{- if .Values.admin.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.admin.startupProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /ping + port: http + {{- end }} + {{- if .Values.admin.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.admin.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /ping + port: http + {{- end }} + {{- if .Values.admin.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.admin.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /ping + port: http + {{- end }} + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + {{- if .Values.admin.extraContainers }} + {{- toYaml .Values.admin.extraContainers | nindent 8 }} + {{- end }} + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ include "mailu.admin.claimName" . }} + {{- if .Values.admin.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.admin.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/charts/mailu/templates/admin/pvc.yaml b/charts/mailu/templates/admin/pvc.yaml new file mode 100644 index 0000000..9984022 --- /dev/null +++ b/charts/mailu/templates/admin/pvc.yaml @@ -0,0 +1,33 @@ +--- +{{- if not .Values.persistence.single_pvc }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "mailu.admin.claimName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: admin + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.admin.persistence.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.admin.persistence.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.admin.persistence.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + accessModes: + {{- range .Values.admin.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.admin.persistence.size | quote }} + {{- if .Values.admin.persistence.storageClass }} + storageClassName: {{ .Values.admin.persistence.storageClass }} + {{- end }} +{{- end }} diff --git a/charts/mailu/templates/admin/service.yaml b/charts/mailu/templates/admin/service.yaml new file mode 100644 index 0000000..97c1a81 --- /dev/null +++ b/charts/mailu/templates/admin/service.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mailu.admin.serviceName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: admin + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.admin.service.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.admin.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: admin + ports: + - name: http + port: {{ int (include "mailu.admin.port" .) }} + protocol: TCP diff --git a/charts/mailu/templates/clamav/service-headless.yaml b/charts/mailu/templates/clamav/service-headless.yaml new file mode 100644 index 0000000..30dc057 --- /dev/null +++ b/charts/mailu/templates/clamav/service-headless.yaml @@ -0,0 +1,36 @@ +--- +{{- if .Values.clamav.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mailu.clamav.serviceNameHeadless" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: clamav + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.clamav.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.clamav.service.annotations "context" $) | nindent 4 }} + {{- end }} + # Use this annotation in addition to the actual publishNotReadyAddresses + # field below because the annotation will stop being respected soon but the + # field is broken in some versions of Kubernetes: + # https://github.com/kubernetes/kubernetes/issues/58662 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. + publishNotReadyAddresses: true + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: clamav + ports: + - name: clamav + port: 3310 + targetPort: clamav + protocol: TCP +{{- end }} diff --git a/charts/mailu/templates/clamav/service.yaml b/charts/mailu/templates/clamav/service.yaml new file mode 100644 index 0000000..1adff53 --- /dev/null +++ b/charts/mailu/templates/clamav/service.yaml @@ -0,0 +1,24 @@ +--- +{{- if .Values.clamav.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mailu.clamav.serviceName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: clamav + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.clamav.service.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.clamav.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: clamav + ports: + - name: clamav + port: 3310 + targetPort: clamav + protocol: TCP +{{- end }} diff --git a/charts/mailu/templates/clamav/statefulset.yaml b/charts/mailu/templates/clamav/statefulset.yaml new file mode 100644 index 0000000..7e063f0 --- /dev/null +++ b/charts/mailu/templates/clamav/statefulset.yaml @@ -0,0 +1,182 @@ +--- +{{- if .Values.clamav.enabled }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ printf "%s-clamav" (include "mailu.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: clamav + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.clamav.replicaCount }} + {{- if .Values.clamav.updateStrategy }} + updateStrategy: + {{- include "common.tplvalues.render" (dict "value" .Values.clamav.updateStrategy "context" $ ) | nindent 4 }} + {{- end }} + serviceName: {{ include "mailu.clamav.serviceNameHeadless" . | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: clamav + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: clamav + {{- if .Values.clamav.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.clamav.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.clamav.podAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.clamav.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- include "common.images.pullSecrets" (dict "images" (list .Values.clamav.image) "global" .Values.global) | nindent 6 }} + {{- if .Values.clamav.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.clamav.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.clamav.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.clamav.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.clamav.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.clamav.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.clamav.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.clamav.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.clamav.priorityClassName }} + priorityClassName: {{ .Values.clamav.priorityClassName | quote }} + {{- end }} + {{- if .Values.clamav.schedulerName }} + schedulerName: {{ .Values.clamav.schedulerName | quote }} + {{- end }} + {{- if .Values.clamav.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.clamav.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.clamav.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.clamav.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.clamav.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.clamav.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.clamav.podSecurityContext.enabled }} + securityContext: {{- omit .Values.clamav.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: clamav + image: {{ .Values.clamav.image.registry }}/{{ .Values.clamav.image.repository }}:{{ .Values.clamav.image.tag }} + imagePullPolicy: {{ .Values.clamav.image.pullPolicy }} + {{- if .Values.clamav.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.clamav.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + subPath: clamav + mountPath: /var/lib/clamav + {{- if .Values.clamav.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.clamav.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + env: + - name: LOG_LEVEL + value: {{ default .Values.logLevel .Values.clamav.logLevel }} + {{- tpl (include "mailu.envvars.secrets" .) $ | nindent 12 }} + {{- if .Values.clamav.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.clamav.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + - configMapRef: + name: {{ printf "%s-envvars" (include "mailu.fullname" .) }} + {{- if .Values.clamav.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.clamav.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.clamav.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.clamav.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: clamav + containerPort: 3310 + protocol: TCP + {{- if .Values.clamav.resources }} + resources: {{- toYaml .Values.clamav.resources | nindent 12 }} + {{- end }} + {{- if .Values.clamav.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.clamav.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`' + {{- end }} + {{- if .Values.clamav.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.clamav.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`' + {{- end }} + {{- if .Values.clamav.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.clamav.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`' + {{- end }} + {{- if .Values.clamav.extraContainers }} + {{- toYaml .Values.clamav.extraContainers | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.clamav.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.clamav.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if not .Values.clamav.persistence.enabled }} + - name: data + emptyDir: {} + {{- else if .Values.clamav.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ printf "%s" (tpl .Values.clamav.persistence.existingClaim .) }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: data + labels: {{- include "common.labels.standard" . | nindent 10 }} + app.kubernetes.io/component: clamav + {{- if .Values.clamav.persistence.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.clamav.persistence.labels "context" $ ) | nindent 10 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 10 }} + {{- end }} + {{- if or .Values.clamav.persistence.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.clamav.persistence.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.clamav.persistence.annotations "context" $ ) | nindent 10 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 10 }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.clamav.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.clamav.persistence.size | quote }} + {{- if .Values.clamav.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.clamav.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.clamav.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.clamav.persistence.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.clamav.persistence "global" .Values.global) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/mailu/templates/dovecot/configmap.yaml b/charts/mailu/templates/dovecot/configmap.yaml new file mode 100644 index 0000000..2cff2b8 --- /dev/null +++ b/charts/mailu/templates/dovecot/configmap.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.dovecot.overrides .Values.dovecot.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-dovecot-override" (include "mailu.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: dovecot + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +{{- with .Values.dovecot.overrides }} +data: +{{- .|toYaml|nindent 2 }} +{{ end }} +{{ end }} diff --git a/charts/mailu/templates/dovecot/deployment.yaml b/charts/mailu/templates/dovecot/deployment.yaml new file mode 100644 index 0000000..4847972 --- /dev/null +++ b/charts/mailu/templates/dovecot/deployment.yaml @@ -0,0 +1,164 @@ +--- +{{- if .Values.dovecot.enabled }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ printf "%s-dovecot" (include "mailu.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: dovecot + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + {{- if .Values.dovecot.updateStrategy }} + strategy: {{- toYaml .Values.dovecot.updateStrategy | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.dovecot.revisionHistoryLimit }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: dovecot + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: dovecot + {{- if .Values.dovecot.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.dovecot.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.dovecot.podAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.dovecot.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- include "common.images.pullSecrets" (dict "images" (list .Values.dovecot.image) "global" .Values.global) | nindent 6 }} + {{- if .Values.dovecot.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.dovecot.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.dovecot.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.dovecot.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.dovecot.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.dovecot.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.dovecot.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.dovecot.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.dovecot.priorityClassName }} + priorityClassName: {{ .Values.dovecot.priorityClassName | quote }} + {{- end }} + {{- if .Values.dovecot.schedulerName }} + schedulerName: {{ .Values.dovecot.schedulerName | quote }} + {{- end }} + {{- if .Values.dovecot.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.dovecot.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.dovecot.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.dovecot.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.dovecot.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.dovecot.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.dovecot.podSecurityContext.enabled }} + securityContext: {{- omit .Values.dovecot.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: dovecot + image: {{ .Values.imageRegistry }}/{{ .Values.dovecot.image.repository }}:{{ default (include "mailu.version" .) .Values.dovecot.image.tag }} + imagePullPolicy: {{ .Values.dovecot.image.pullPolicy }} + {{- if .Values.dovecot.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.dovecot.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + subPath: dovecotdata + mountPath: /data + - name: data + subPath: dovecotmail + mountPath: /mail + {{- if .Values.dovecot.overrides }} + - name: overrides + mountPath: /overrides + {{- end }} + {{- if .Values.dovecot.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.dovecot.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + env: + - name: LOG_LEVEL + value: {{ default .Values.logLevel .Values.dovecot.logLevel }} + {{- tpl (include "mailu.envvars.secrets" .) $ | nindent 12 }} + {{- if .Values.dovecot.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.dovecot.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + - configMapRef: + name: {{ printf "%s-envvars" (include "mailu.fullname" .) }} + {{- if .Values.dovecot.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.dovecot.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.dovecot.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.dovecot.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: auth + containerPort: 2102 + protocol: TCP + - name: lmtp + containerPort: 2525 + protocol: TCP + - name: imap + containerPort: 143 + protocol: TCP + - name: pop3 + containerPort: 110 + protocol: TCP + - name: sieve + containerPort: 4190 + protocol: TCP + {{- if .Values.dovecot.resources }} + resources: {{- toYaml .Values.dovecot.resources | nindent 12 }} + {{- end }} + {{- if .Values.dovecot.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.dovecot.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'kill -0 `cat /run/dovecot/master.pid`' + {{- end }} + {{- if .Values.dovecot.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.dovecot.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'kill -0 `cat /run/dovecot/master.pid`' + {{- end }} + {{- if .Values.dovecot.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.dovecot.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'kill -0 `cat /run/dovecot/master.pid`' + {{- end }} + {{- if .Values.dovecot.extraContainers }} + {{- toYaml .Values.dovecot.extraContainers | nindent 8 }} + {{- end }} + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ include "mailu.dovecot.claimName" . }} + {{- if .Values.dovecot.overrides }} + - name: overrides + configMap: + name: {{ printf "%s-dovecot-override" (include "mailu.fullname" .) }} + {{- end }} + {{- if .Values.dovecot.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.dovecot.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/mailu/templates/dovecot/pvc.yaml b/charts/mailu/templates/dovecot/pvc.yaml new file mode 100644 index 0000000..e3663f1 --- /dev/null +++ b/charts/mailu/templates/dovecot/pvc.yaml @@ -0,0 +1,35 @@ +--- +{{- if .Values.dovecot.enabled }} +{{- if not .Values.persistence.single_pvc }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "mailu.dovecot.claimName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: dovecot + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.dovecot.persistence.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.dovecot.persistence.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.dovecot.persistence.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + accessModes: + {{- range .Values.dovecot.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.dovecot.persistence.size | quote }} + {{- if .Values.dovecot.persistence.storageClass }} + storageClassName: {{ .Values.dovecot.persistence.storageClass }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/mailu/templates/dovecot/service.yaml b/charts/mailu/templates/dovecot/service.yaml new file mode 100644 index 0000000..e4c6237 --- /dev/null +++ b/charts/mailu/templates/dovecot/service.yaml @@ -0,0 +1,35 @@ +--- +{{- if .Values.dovecot.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mailu.dovecot.serviceName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: dovecot + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.dovecot.service.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.dovecot.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: dovecot + ports: + - name: imap-auth + port: 2102 + protocol: TCP + - name: imap-transport + port: 2525 + protocol: TCP + - name: imap-default + port: 143 + protocol: TCP + - name: pop3 + port: 110 + protocol: TCP + - name: sieve + port: 4190 + protocol: TCP +{{- end }} diff --git a/charts/mailu/templates/envvars-configmap.yaml b/charts/mailu/templates/envvars-configmap.yaml new file mode 100644 index 0000000..b895a91 --- /dev/null +++ b/charts/mailu/templates/envvars-configmap.yaml @@ -0,0 +1,177 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-envvars" (include "mailu.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + ADMIN: {{ .Values.admin.enabled | quote }} + ANTIVIRUS_ACTION: {{ .Values.rspamd.antivirusAction | quote }} + AUTH_RATELIMIT_EXEMPTION_LENGTH: {{ .Values.limits.authRatelimit.exemptionLength | quote }} + AUTH_RATELIMIT_EXEMPTION: {{ .Values.limits.authRatelimit.exemption | quote }} + AUTH_RATELIMIT_IP_V4_MASK: {{ .Values.limits.authRatelimit.ipv4Mask | quote }} + AUTH_RATELIMIT_IP_V6_MASK: {{ .Values.limits.authRatelimit.ipv6Mask | quote }} + AUTH_RATELIMIT_IP: {{ .Values.limits.authRatelimit.ip | quote }} + AUTH_RATELIMIT_USER: {{ .Values.limits.authRatelimit.user | quote }} + AUTH_REQUIRE_TOKENS: {{ .Values.authRequireTokens | quote }} + BABEL_DEFAULT_LOCALE: "en" + BABEL_DEFAULT_TIMEZONE: "UTC" + BOOTSTRAP_SERVE_LOCAL: "true" + COMPRESSION_LEVEL: {{ .Values.dovecot.compressionLevel | quote }} + COMPRESSION: {{ .Values.dovecot.compression | quote }} + CREDENTIAL_ROUNDS: {{ .Values.credentialRounds | quote }} + DB_FLAVOR: {{ include "mailu.database.type" . }} + DB_HOST: {{ printf "%s:%s" (include "mailu.database.host" .) (include "mailu.database.port" .) | quote}} + DB_NAME: {{ include "mailu.database.name" . }} + # DB_PW => via secret + DB_USER: {{ include "mailu.database.username" . }} + DEBUG_ASSETS: "" + DEBUG: "false" + DEBUG_PROFILER: "false" + DEBUG_TB_INTERCEPT_REDIRECTS: "false" + DEFAULT_QUOTA: "1000000000" + DEFAULT_SPAM_THRESHOLD: "80" + DEFER_ON_TLS_ERROR: {{ .Values.tls.deferOnError | quote }} + DISABLE_STATISTICS: "false" + DKIM_PATH: "/dkim/{domain}.{selector}.key" + DKIM_SELECTOR: "dkim" + DMARC_RUA: {{ .Values.dmarc.rua | quote }} + DMARC_RUF: {{ .Values.dmarc.ruf | quote }} + DOMAIN_REGISTRATION: "false" + DOMAIN: {{ .Values.domain | quote }} + FETCHMAIL_DELAY: {{ .Values.fetchmail.delay | quote }} + FETCHMAIL_ENABLED: {{ .Values.fetchmail.enabled | quote }} + HOSTNAMES: {{ join "," .Values.hostnames }} + INBOUND_TLS_ENFORCE: {{ .Values.tls.inboundEnforce | quote }} + INSTANCE_ID_PATH: "/data/instance" + KUBERNETES_INGRESS: {{ .Values.ingress.enabled | quote }} + LETSENCRYPT_SHORTCHAIN: {{ .Values.letsencryptShortchain | quote }} + LOG_LEVEL: {{ .Values.logLevel | quote }} + LOGO_BACKGROUND: {{ .Values.customization.logoBackground | quote }} + LOGO_URL: {{ .Values.customization.logoUrl | quote }} + MAILU_HELM_CHART: "true" + # Temporary workaround for https://github.com/Mailu/helm-charts/issues/309 until MAILU_HELM_CHART is taken into consideration in Mailu + I_KNOW_MY_SETUP_DOESNT_FIT_REQUIREMENTS_AND_WONT_FILE_ISSUES_WITHOUT_PATCHES: "true" + MEMORY_SESSIONS: "false" + MESSAGE_RATELIMIT_EXEMPTION: {{ .Values.limits.messageRatelimit.exemption | quote }} + MESSAGE_RATELIMIT: {{ .Values.limits.messageRatelimit.value | quote }} + MESSAGE_SIZE_LIMIT: "{{ mul .Values.limits.messageSizeLimitInMegabytes (mul 1024 1024) }}" + OUTBOUND_TLS_LEVEL: {{ .Values.tls.outboundLevel | quote }} + PERMANENT_SESSION_LIFETIME: {{ .Values.permanentSessionLifetime | int64 | quote }} + PORTS: {{ include "mailu.enabledPorts" . }} + POSTMASTER: {{ .Values.postmaster | quote }} + PROXY_AUTH_CREATE: {{ .Values.proxyAuth.create | quote }} + PROXY_AUTH_HEADER: {{ .Values.proxyAuth.header | quote }} + PROXY_AUTH_WHITELIST: {{ .Values.proxyAuth.whitelist | quote }} + PROXY_PROTOCOL: {{ include "mailu.proxyProtocolPorts" . | quote }} + RATELIMIT_STORAGE_URL: {{ printf "redis://%s:%s/%s" (include "mailu.redis.serviceFqdn" .) (include "mailu.redis.port" .) (include "mailu.redis.db.rateLimit" .) }} + REAL_IP_FROM: {{ .Values.ingress.realIpFrom | quote }} + REAL_IP_HEADER: {{ .Values.ingress.realIpHeader | quote }} + RECAPTCHA_PRIVATE_KEY: "" + RECAPTCHA_PUBLIC_KEY: "" + RECIPIENT_DELIMITER: {{ .Values.recipientDelimiter | quote }} + REJECT_UNLISTED_RECIPIENT: "yes" + RELAYHOST: {{ .Values.externalRelay.host | quote }} + RELAYNETS: {{ (join "," .Values.externalRelay.networks) | quote }} + ROUNDCUBE_DB_FLAVOR: {{ include "mailu.database.type" . }} + # SECRET_KEY => via secret + SESSION_COOKIE_SECURE: {{ .Values.sessionCookieSecure | quote }} + # SESSION_KEY_BITS: 128 # TODO: Fix Mailu to parse int when from string + SESSION_TIMEOUT: {{ .Values.sessionTimeout | quote }} + SITENAME: {{ .Values.customization.siteName | quote }} + SQLALCHEMY_DATABASE_URI: "sqlite:////data/main.db" + SQLALCHEMY_TRACK_MODIFICATIONS: "false" + SQLITE_DATABASE_FILE: "data/main.db" + STATS_ENDPOINT: "19.{}.stats.mailu.io" + SUBNET6: {{ .Values.subnet6 | quote }} + SUBNET: {{ .Values.subnet | quote }} + TEMPLATES_AUTO_RELOAD: "true" + TLS_FLAVOR: {{ include "mailu.tlsFlavor" . }} + TLS_PERMISSIVE: "true" + TZ: {{ .Values.timezone | quote }} + WEB_ADMIN: {{ .Values.admin.uri | quote }} + WEBSITE: {{ .Values.customization.website | quote }} + WELCOME_BODY: {{ .Values.welcomeMessage.body | quote }} + WELCOME_SUBJECT: {{ .Values.welcomeMessage.subject | quote }} + WELCOME: {{ .Values.welcomeMessage.enabled | quote}} + WILDCARD_SENDERS: {{ .Values.wildcardSenders | join "," | quote }} + + # Addresses + ADMIN_ADDRESS: {{ include "mailu.admin.serviceFqdn" . }} + ANTISPAM_ADDRESS: {{ include "mailu.rspamd.serviceFqdn" . }} + FRONT_ADDRESS: {{ include "mailu.front.serviceFqdn" . }} + IMAP_ADDRESS: {{ include "mailu.dovecot.serviceFqdn" . }} + REDIS_ADDRESS: {{ include "mailu.redis.serviceFqdn" . }} + SMTP_ADDRESS: {{ include "mailu.postfix.serviceFqdn" . }} + + +{{- if not (eq (include "mailu.database.type" .) "sqlite") }} +{{- if .Values.webmail.enabled }} + ROUNDCUBE_DB_USER: {{ include "mailu.database.roundcube.username" . }} + ROUNDCUBE_DB_NAME: {{ include "mailu.database.roundcube.name" . }} + ROUNDCUBE_DB_HOST: {{ printf "%s:%s" (include "mailu.database.host" .) (include "mailu.database.port" .) | quote}} +{{- end }} +{{- end }} + +{{- if .Values.initialAccount.enabled }} + INITIAL_ADMIN_MODE: {{ .Values.initialAccount.mode | quote }} + INITIAL_ADMIN_ACCOUNT: {{ .Values.initialAccount.username | quote }} + INITIAL_ADMIN_DOMAIN: {{ .Values.initialAccount.domain | quote }} +{{- end }} + +{{- if .Values.webmail.enabled }} + WEBMAIL: {{ .Values.webmail.type | quote }} + WEB_WEBMAIL: {{ .Values.webmail.uri | quote }} + WEBMAIL_ADDRESS: {{ include "mailu.webmail.serviceFqdn" . }} + WEBROOT_REDIRECT: {{ .Values.webmail.uri | quote }} + ROUNDCUBE_PLUGINS: {{ (join "," .Values.webmail.roundcubePlugins) | quote }} +{{- else }} + WEBMAIL: none + WEBMAIL_ADDRESS: localhost + WEB_WEBMAIL: / + WEBROOT_REDIRECT: /admin/ +{{- end }} + +{{- if .Values.webdav.enabled }} + WEBDAV: radicale + WEBDAV_ADDRESS: {{ include "mailu.webdav.serviceFqdn" . }} +{{- else }} + WEBDAV: none + WEBDAV_ADDRESS: localhost +{{- end }} + +{{- if .Values.clamav.enabled }} + ANTIVIRUS: clamav + ANTIVIRUS_ADDRESS: {{ include "mailu.clamav.serviceFqdn" . }} +{{- else }} + ANTIVIRUS: none + ANTIVIRUS_ADDRESS: localhost +{{- end }} + +{{- if .Values.oletools.enabled }} + OLETOOLS_ADDRESS: {{ include "mailu.oletools.serviceFqdn" . }} + SCAN_MACROS: "true" +{{- else }} + SCAN_MACROS: "false" +{{- end }} + +{{- if .Values.tika.enabled }} + FULL_TEXT_SEARCH: {{ include "mailu.fullTextSearch" . }} + FULL_TEXT_SEARCH_ATTACHMENTS: "true" + FTS_ATTACHMENTS_ADDRESS: {{ include "mailu.tika.serviceFqdn" . }} +{{- else }} + FULL_TEXT_SEARCH_ATTACHMENTS: "false" +{{- end}} + +{{- if .Values.api.enabled }} + API: "true" + WEB_API: {{ .Values.api.webPath | quote }} +{{- else }} + API: "false" +{{- end }} diff --git a/charts/mailu/templates/fetchmail/deployment.yaml b/charts/mailu/templates/fetchmail/deployment.yaml new file mode 100644 index 0000000..0038b67 --- /dev/null +++ b/charts/mailu/templates/fetchmail/deployment.yaml @@ -0,0 +1,147 @@ +--- +{{- if .Values.fetchmail.enabled }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ printf "%s-fetchmail" (include "mailu.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: fetchmail + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + {{- if .Values.fetchmail.updateStrategy }} + strategy: {{- toYaml .Values.fetchmail.updateStrategy | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.fetchmail.revisionHistoryLimit }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: fetchmail + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: fetchmail + {{- if .Values.fetchmail.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.fetchmail.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.fetchmail.podAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.fetchmail.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- include "common.images.pullSecrets" (dict "images" (list .Values.fetchmail.image) "global" .Values.global) | nindent 6 }} + {{- if .Values.fetchmail.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.fetchmail.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.fetchmail.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.fetchmail.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.fetchmail.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.fetchmail.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.fetchmail.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.fetchmail.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.fetchmail.priorityClassName }} + priorityClassName: {{ .Values.fetchmail.priorityClassName | quote }} + {{- end }} + {{- if .Values.fetchmail.schedulerName }} + schedulerName: {{ .Values.fetchmail.schedulerName | quote }} + {{- end }} + {{- if .Values.fetchmail.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.fetchmail.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.fetchmail.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.fetchmail.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.fetchmail.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.fetchmail.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.fetchmail.podSecurityContext.enabled }} + securityContext: {{- omit .Values.fetchmail.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: fetchmail + image: {{ .Values.imageRegistry }}/{{ .Values.fetchmail.image.repository }}:{{ default (include "mailu.version" .) .Values.fetchmail.image.tag }} + imagePullPolicy: {{ .Values.fetchmail.image.pullPolicy }} + {{- if .Values.fetchmail.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.fetchmail.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + subPath: fetchmail + mountPath: /data + {{- if .Values.fetchmail.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.fetchmail.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + env: + - name: DEBUG + {{- if eq (default .Values.logLevel .Values.fetchmail.logLevel) "DEBUG" }} + value: "True" + {{- else }} + value: "False" + {{- end }} + {{- tpl (include "mailu.envvars.secrets" .) $ | nindent 12 }} + {{- if .Values.fetchmail.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.fetchmail.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + - configMapRef: + name: {{ printf "%s-envvars" (include "mailu.fullname" .) }} + {{- if .Values.fetchmail.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.fetchmail.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.fetchmail.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.fetchmail.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: fetchmail + containerPort: 5232 + protocol: TCP + - name: http + containerPort: 80 + protocol: TCP + {{- if .Values.fetchmail.resources }} + resources: {{- toYaml .Values.fetchmail.resources | nindent 12 }} + {{- end }} + {{- if .Values.fetchmail.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.fetchmail.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'ps ax | grep [/]fetchmail.py' + {{- end }} + {{- if .Values.fetchmail.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.fetchmail.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'ps ax | grep [/]fetchmail.py' + {{- end }} + {{- if .Values.fetchmail.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.fetchmail.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'ps ax | grep [/]fetchmail.py' + {{- end }} + {{- if .Values.fetchmail.extraContainers }} + {{- toYaml .Values.fetchmail.extraContainers | nindent 8 }} + {{- end }} + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ include "mailu.fetchmail.claimName" . }} + {{- if .Values.fetchmail.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.fetchmail.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/mailu/templates/fetchmail/pvc.yaml b/charts/mailu/templates/fetchmail/pvc.yaml new file mode 100644 index 0000000..4cc16a5 --- /dev/null +++ b/charts/mailu/templates/fetchmail/pvc.yaml @@ -0,0 +1,33 @@ +--- +{{- if and (.Values.fetchmail.enabled) (not .Values.persistence.single_pvc) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "mailu.fetchmail.claimName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: fetchmail + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.fetchmail.persistence.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.fetchmail.persistence.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.fetchmail.persistence.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + accessModes: + {{- range .Values.fetchmail.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.fetchmail.persistence.size | quote }} + {{- if .Values.fetchmail.persistence.storageClass }} + storageClassName: {{ .Values.fetchmail.persistence.storageClass }} + {{- end }} +{{- end }} diff --git a/charts/mailu/templates/front/deployment.yaml b/charts/mailu/templates/front/deployment.yaml new file mode 100644 index 0000000..8d1b444 --- /dev/null +++ b/charts/mailu/templates/front/deployment.yaml @@ -0,0 +1,206 @@ +--- +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: {{ .Values.front.kind }} +metadata: + name: {{ printf "%s-front" (include "mailu.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: front + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if eq .Values.front.kind "Deployment" }} + replicas: {{ .Values.front.replicaCount }} + {{- end }} + {{- if and .Values.front.updateStrategy (eq .Values.front.kind "Deployment") }} + strategy: {{- toYaml .Values.front.updateStrategy | nindent 4 }} + {{- end }} + {{- if and .Values.front.updateStrategy (eq .Values.front.kind "DaemonSet") }} + updateStrategy: {{- toYaml .Values.front.updateStrategy | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.front.revisionHistoryLimit }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: front + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: front + {{- if .Values.front.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.front.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.front.podAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.front.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- include "common.images.pullSecrets" (dict "images" (list .Values.front.image) "global" .Values.global) | nindent 6 }} + {{- if .Values.front.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.front.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.front.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.front.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.front.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.front.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.front.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.front.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.front.priorityClassName }} + priorityClassName: {{ .Values.front.priorityClassName | quote }} + {{- end }} + {{- if .Values.front.schedulerName }} + schedulerName: {{ .Values.front.schedulerName | quote }} + {{- end }} + {{- if .Values.front.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.front.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.front.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.front.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.front.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.front.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.front.podSecurityContext.enabled }} + securityContext: {{- omit .Values.front.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: front + image: {{ .Values.imageRegistry }}/{{ .Values.front.image.repository }}:{{ default (include "mailu.version" .) .Values.front.image.tag }} + imagePullPolicy: {{ .Values.front.image.pullPolicy }} + {{- if .Values.front.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.front.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + - name: certs + mountPath: /certs + {{- if .Values.front.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.front.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + env: + - name: LOG_LEVEL + value: {{ default .Values.logLevel .Values.front.logLevel }} + {{- tpl (include "mailu.envvars.secrets" .) $ | nindent 12 }} + {{- if .Values.front.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.front.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + - configMapRef: + name: {{ printf "%s-envvars" (include "mailu.fullname" .) }} + {{- if .Values.front.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.front.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.front.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.front.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: pop3 + protocol: TCP + containerPort: 110 + {{- if .Values.front.hostPort.enabled }} + hostPort: 110 + {{- end}} + - name: pop3s + protocol: TCP + containerPort: 995 + {{- if .Values.front.hostPort.enabled }} + hostPort: 995 + {{- end}} + - name: imap + protocol: TCP + containerPort: 143 + {{- if .Values.front.hostPort.enabled }} + hostPort: 143 + {{- end}} + - name: imaps + protocol: TCP + containerPort: 993 + {{- if .Values.front.hostPort.enabled }} + hostPort: 993 + {{- end}} + - name: smtp + protocol: TCP + containerPort: 25 + {{- if .Values.front.hostPort.enabled }} + hostPort: 25 + {{- end}} + - name: smtps + protocol: TCP + containerPort: 465 + {{- if .Values.front.hostPort.enabled }} + hostPort: 465 + {{- end}} + - name: smtp-auth + protocol: TCP + containerPort: 10025 + - name: imap-auth + protocol: TCP + containerPort: 10143 + - name: smtpd + protocol: TCP + containerPort: 587 + {{- if .Values.front.hostPort.enabled }} + hostPort: 587 + {{- end}} + - name: auth + containerPort: 8000 + protocol: TCP + - name: http + containerPort: 80 + protocol: TCP + - name: sieve + containerPort: 14190 + protocol: TCP + {{ if not .Values.ingress.enabled }} + - name: https + containerPort: 443 + protocol: TCP + {{end}} + {{- if .Values.front.resources }} + resources: {{- toYaml .Values.front.resources | nindent 12 }} + {{- end }} + {{- if .Values.front.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.front.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'curl -skfLo /dev/null http://127.0.0.1:10204/health && kill -0 `cat /run/dovecot/master.pid`' + {{- end }} + {{- if .Values.front.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.front.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'curl -skfLo /dev/null http://127.0.0.1:10204/health && kill -0 `cat /run/dovecot/master.pid`' + {{- end }} + {{- if .Values.front.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.front.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'curl -skfLo /dev/null http://127.0.0.1:10204/health && kill -0 `cat /run/dovecot/master.pid`' + {{- end }} + {{- if .Values.front.extraContainers }} + {{- toYaml .Values.front.extraContainers | nindent 8 }} + {{- end }} + volumes: + - name: certs + secret: + items: + - key: tls.crt + path: cert.pem + - key: tls.key + path: key.pem + secretName: {{ include "mailu.certificatesSecretName" . }} + {{- if .Values.front.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.front.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/charts/mailu/templates/front/ingress.yaml b/charts/mailu/templates/front/ingress.yaml new file mode 100644 index 0000000..0bd94fb --- /dev/null +++ b/charts/mailu/templates/front/ingress.yaml @@ -0,0 +1,65 @@ +--- +{{/* TODO: add support for Traefik */}} +{{- if .Values.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "mailu.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- if .Values.ingress.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- range .Values.hostnames }} + - host: {{ . | quote }} + http: + paths: + {{- if $.Values.ingress.extraPaths }} + {{- toYaml $.Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ $.Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ $.Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "mailu.front.serviceName" $) "servicePort" "https" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "mailu.front.serviceName" $) "servicePort" "https" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- if or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.secrets .Values.ingress.selfSigned .Values.ingress.existingSecret }} + - secretName: {{ include "mailu.certificatesSecretName" . }} + hosts: + {{- range .Values.hostnames }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/mailu/templates/front/service-external.yaml b/charts/mailu/templates/front/service-external.yaml new file mode 100644 index 0000000..50a1afa --- /dev/null +++ b/charts/mailu/templates/front/service-external.yaml @@ -0,0 +1,91 @@ +{{- if .Values.front.externalService.enabled -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-ext" (include "mailu.front.serviceName" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: front + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.front.externalService.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.front.externalService.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: front +{{- with .Values.front.externalService }} + type: {{ .type | default "ClusterIP" }} + externalTrafficPolicy: {{ .externalTrafficPolicy | default "Local" }} + {{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} + {{- end }} + ports: + {{- if .ports.pop3 }} + - name: pop3 + port: 110 + protocol: TCP + {{ if eq $.Values.front.externalService.type "NodePort" -}} + nodePort: {{ .nodePorts.pop3 }} + {{- end }} + {{- end }} + {{- if .ports.pop3s }} + - name: pop3s + port: 995 + protocol: TCP + {{ if eq $.Values.front.externalService.type "NodePort" -}} + nodePort: {{ .nodePorts.pop3s }} + {{- end }} + {{- end }} + {{- if .ports.imap }} + - name: imap + port: 143 + protocol: TCP + {{ if eq $.Values.front.externalService.type "NodePort" -}} + nodePort: {{ .nodePorts.imap }} + {{- end }} + {{- end }} + {{- if .ports.imaps }} + - name: imaps + port: 993 + protocol: TCP + {{ if eq $.Values.front.externalService.type "NodePort" -}} + nodePort: {{ .nodePorts.imaps }} + {{- end }} + {{- end }} + {{- if .ports.smtp }} + - name: smtp + port: 25 + protocol: TCP + {{ if eq $.Values.front.externalService.type "NodePort" -}} + nodePort: {{ .nodePorts.smtp }} + {{- end }} + {{- end }} + {{- if .ports.smtps }} + - name: smtps + port: 465 + protocol: TCP + {{ if eq $.Values.front.externalService.type "NodePort" -}} + nodePort: {{ .nodePorts.smtps }} + {{- end }} + {{- end }} + {{- if .ports.submission }} + - name: smtpd + port: 587 + protocol: TCP + {{ if eq $.Values.front.externalService.type "NodePort" -}} + nodePort: {{ .nodePorts.submission }} + {{- end }} + {{- end }} + {{- if .ports.manageSieve }} + - name: sieve + port: 4190 + protocol: TCP + {{ if eq $.Values.front.externalService.type "NodePort" -}} + nodePort: {{ .nodePorts.manageSieve }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/mailu/templates/front/service.yaml b/charts/mailu/templates/front/service.yaml new file mode 100644 index 0000000..131802a --- /dev/null +++ b/charts/mailu/templates/front/service.yaml @@ -0,0 +1,57 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mailu.front.serviceName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: front + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.front.service.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.front.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: front + ports: + - name: pop3 + port: 110 + protocol: TCP + - name: pop3s + port: 995 + protocol: TCP + - name: imap + port: 143 + protocol: TCP + - name: imaps + port: 993 + protocol: TCP + - name: smtp + port: 25 + protocol: TCP + - name: smtps + port: 465 + protocol: TCP + - name: smtpd + port: 587 + protocol: TCP + - name: lmtp + port: 2525 + protocol: TCP + - name: smtp-auth + port: 10025 + protocol: TCP + - name: imap-auth + port: 10143 + protocol: TCP + - name: http + port: 80 + protocol: TCP + - name: sieve + port: 14190 + protocol: TCP + - name: https + port: 443 + protocol: TCP diff --git a/charts/mailu/templates/network-policies.yaml b/charts/mailu/templates/network-policies.yaml new file mode 100644 index 0000000..dd56734 --- /dev/null +++ b/charts/mailu/templates/network-policies.yaml @@ -0,0 +1,120 @@ +{{- if and .Values.networkPolicy.enabled }} +--- +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-default-deny" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }} + policyTypes: + - Ingress + - Egress + ingress: [] + egress: [] +--- +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-allow-egress-all" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }} + policyTypes: + - Egress + egress: + - {} +--- +--- +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-allow-front" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: front + ingress: + # Allow ports 80/TCP, 443/TCP for ingress controller + - ports: + - port: 80 + protocol: TCP + - port: 443 + protocol: TCP + from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Values.networkPolicy.ingressController.namespace }} + podSelector: + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressController.podSelector "context" $) | nindent 10 }} + # Allow ports 25/TCP, 110/TCP, 143/TCP, 465/TCP, 587/TCP, 995/TCP, 993/TCP, 4190/TCP through loadbalancer + - ports: + - port: 25 + protocol: TCP + - port: 110 + protocol: TCP + - port: 143 + protocol: TCP + - port: 465 + protocol: TCP + - port: 587 + protocol: TCP + - port: 995 + protocol: TCP + - port: 993 + protocol: TCP + - port: 4190 + protocol: TCP +--- +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-allow-internal" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + podSelector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/mailu/templates/oletools/deployment.yaml b/charts/mailu/templates/oletools/deployment.yaml new file mode 100644 index 0000000..3eefb7e --- /dev/null +++ b/charts/mailu/templates/oletools/deployment.yaml @@ -0,0 +1,134 @@ +--- +{{- if .Values.oletools.enabled }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ printf "%s-oletools" (include "mailu.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: oletools + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + {{- if .Values.oletools.updateStrategy }} + strategy: {{- toYaml .Values.oletools.updateStrategy | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.oletools.revisionHistoryLimit }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: oletools + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: oletools + {{- if .Values.oletools.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.oletools.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.oletools.podAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.oletools.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- include "common.images.pullSecrets" (dict "images" (list .Values.oletools.image) "global" .Values.global) | nindent 6 }} + {{- if .Values.oletools.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.oletools.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.oletools.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.oletools.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.oletools.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.oletools.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.oletools.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.oletools.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.oletools.priorityClassName }} + priorityClassName: {{ .Values.oletools.priorityClassName | quote }} + {{- end }} + {{- if .Values.oletools.schedulerName }} + schedulerName: {{ .Values.oletools.schedulerName | quote }} + {{- end }} + {{- if .Values.oletools.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.oletools.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.oletools.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.oletools.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.oletools.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.oletools.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.oletools.podSecurityContext.enabled }} + securityContext: {{- omit .Values.oletools.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: oletools + image: {{ .Values.imageRegistry }}/{{ .Values.oletools.image.repository }}:{{ default (include "mailu.version" .) .Values.oletools.image.tag }} + imagePullPolicy: {{ .Values.oletools.image.pullPolicy }} + {{- if .Values.oletools.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.oletools.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.oletools.extraVolumeMounts }} + volumeMounts: + {{- include "common.tplvalues.render" (dict "value" .Values.oletools.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + env: + - name: LOG_LEVEL + value: {{ default .Values.logLevel .Values.oletools.logLevel }} + {{- tpl (include "mailu.envvars.secrets" .) $ | nindent 12 }} + {{- if .Values.oletools.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.oletools.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + - configMapRef: + name: {{ printf "%s-envvars" (include "mailu.fullname" .) }} + {{- if .Values.oletools.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.oletools.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.oletools.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.oletools.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: olefy + containerPort: 11343 + protocol: TCP + {{- if .Values.oletools.resources }} + resources: {{- toYaml .Values.oletools.resources | nindent 12 }} + {{- end }} + {{- if .Values.oletools.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.oletools.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'echo PING|nc -q1 localhost 11343|grep PONG' + {{- end }} + {{- if .Values.oletools.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.oletools.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'echo PING|nc -q1 localhost 11343|grep PONG' + {{- end }} + {{- if .Values.oletools.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.oletools.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'echo PING|nc -q1 localhost 11343|grep PONG' + {{- end }} + {{- if .Values.oletools.extraContainers }} + {{- toYaml .Values.oletools.extraContainers | nindent 8 }} + {{- end }} + {{- if .Values.oletools.extraVolumes }} + volumes: + {{- include "common.tplvalues.render" (dict "value" .Values.oletools.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/mailu/templates/oletools/service.yaml b/charts/mailu/templates/oletools/service.yaml new file mode 100644 index 0000000..0ed87cf --- /dev/null +++ b/charts/mailu/templates/oletools/service.yaml @@ -0,0 +1,23 @@ +--- +{{- if .Values.oletools.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mailu.oletools.serviceName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: oletools + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.oletools.service.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.oletools.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: oletools + ports: + - name: olefy + port: 11343 + protocol: TCP +{{- end }} diff --git a/charts/mailu/templates/postfix/configmap.yaml b/charts/mailu/templates/postfix/configmap.yaml new file mode 100644 index 0000000..df21ac8 --- /dev/null +++ b/charts/mailu/templates/postfix/configmap.yaml @@ -0,0 +1,19 @@ +{{- if .Values.postfix.overrides }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-postfix-override" (include "mailu.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: postfix + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +{{- with .Values.postfix.overrides }} +data: +{{- .|toYaml|nindent 2 }} +{{ end }} +{{ end }} diff --git a/charts/mailu/templates/postfix/deployment.yaml b/charts/mailu/templates/postfix/deployment.yaml new file mode 100644 index 0000000..34f1b1c --- /dev/null +++ b/charts/mailu/templates/postfix/deployment.yaml @@ -0,0 +1,156 @@ +--- +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ printf "%s-postfix" (include "mailu.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: postfix + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + {{- if .Values.postfix.updateStrategy }} + strategy: {{- toYaml .Values.postfix.updateStrategy | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.postfix.revisionHistoryLimit }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: postfix + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: postfix + {{- if .Values.postfix.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.postfix.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.postfix.podAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.postfix.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- include "common.images.pullSecrets" (dict "images" (list .Values.postfix.image) "global" .Values.global) | nindent 6 }} + {{- if .Values.postfix.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.postfix.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.postfix.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.postfix.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.postfix.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.postfix.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.postfix.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.postfix.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.postfix.priorityClassName }} + priorityClassName: {{ .Values.postfix.priorityClassName | quote }} + {{- end }} + {{- if .Values.postfix.schedulerName }} + schedulerName: {{ .Values.postfix.schedulerName | quote }} + {{- end }} + {{- if .Values.postfix.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.postfix.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.postfix.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.postfix.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.postfix.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.postfix.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.postfix.podSecurityContext.enabled }} + securityContext: {{- omit .Values.postfix.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: postfix + image: {{ .Values.imageRegistry }}/{{ .Values.postfix.image.repository }}:{{ default (include "mailu.version" .) .Values.postfix.image.tag }} + imagePullPolicy: {{ .Values.postfix.image.pullPolicy }} + {{- if .Values.postfix.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.postfix.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /queue + name: data + subPath: mailqueue + {{- if .Values.postfix.overrides }} + - name: overrides + mountPath: /overrides + {{- end }} + {{- if .Values.postfix.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.postfix.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + env: + - name: LOG_LEVEL + value: {{ default .Values.logLevel .Values.postfix.logLevel }} + {{- tpl (include "mailu.envvars.secrets" .) $ | nindent 12 }} + {{- if .Values.postfix.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.postfix.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + - configMapRef: + name: {{ printf "%s-envvars" (include "mailu.fullname" .) }} + {{- if .Values.postfix.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.postfix.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.postfix.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.postfix.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: smtp + containerPort: 25 + protocol: TCP + - name: smtp-ssl + containerPort: 465 + protocol: TCP + - name: smtp-starttls + containerPort: 587 + protocol: TCP + - name: smtp-auth + containerPort: 10025 + protocol: TCP + {{- if .Values.postfix.resources }} + resources: {{- toYaml .Values.postfix.resources | nindent 12 }} + {{- end }} + {{- if .Values.postfix.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.postfix.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - '! /usr/libexec/postfix/master -t' + {{- end }} + {{- if .Values.postfix.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.postfix.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - '! /usr/libexec/postfix/master -t' + {{- end }} + {{- if .Values.postfix.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.postfix.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - '! /usr/libexec/postfix/master -t' + {{- end }} + {{- if .Values.postfix.extraContainers }} + {{- toYaml .Values.postfix.extraContainers | nindent 8 }} + {{- end }} + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ include "mailu.postfix.claimName" . }} + {{- if .Values.postfix.overrides }} + - name: overrides + configMap: + name: {{ printf "%s-postfix-override" (include "mailu.fullname" .) }} + {{- end }} + {{- if .Values.postfix.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.postfix.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/charts/mailu/templates/postfix/pvc.yaml b/charts/mailu/templates/postfix/pvc.yaml new file mode 100644 index 0000000..1d02e0a --- /dev/null +++ b/charts/mailu/templates/postfix/pvc.yaml @@ -0,0 +1,33 @@ +--- +{{- if not .Values.persistence.single_pvc }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "mailu.postfix.claimName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: postfix + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.postfix.persistence.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.postfix.persistence.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.postfix.persistence.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + accessModes: + {{- range .Values.postfix.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.postfix.persistence.size | quote }} + {{- if .Values.postfix.persistence.storageClass }} + storageClassName: {{ .Values.postfix.persistence.storageClass }} + {{- end }} +{{- end }} diff --git a/charts/mailu/templates/postfix/service.yaml b/charts/mailu/templates/postfix/service.yaml new file mode 100644 index 0000000..d22906c --- /dev/null +++ b/charts/mailu/templates/postfix/service.yaml @@ -0,0 +1,30 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mailu.postfix.serviceName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: postfix + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.postfix.service.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.postfix.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: postfix + ports: + - name: smtp + port: 25 + protocol: TCP + - name: smtp-ssl + port: 465 + protocol: TCP + - name: smtp-starttls + port: 587 + protocol: TCP + - name: smtp-auth + port: 10025 + protocol: TCP diff --git a/charts/mailu/templates/pv-hostpath.yaml b/charts/mailu/templates/pv-hostpath.yaml new file mode 100644 index 0000000..6534b4f --- /dev/null +++ b/charts/mailu/templates/pv-hostpath.yaml @@ -0,0 +1,45 @@ +{{- if and (and .Values.persistence.single_pvc .Values.persistence.hostPath) (not .Values.persistence.existingClaim) -}} +--- +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ printf "%s-storage" (include "mailu.fullname" . ) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.persistence.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.persistence.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + capacity: + storage: {{ .Values.persistence.size }} + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + persistentVolumeReclaimPolicy: Retain + volumeMode: Filesystem + hostPath: + path: {{ .Values.persistence.hostPath }} + type: DirectoryOrCreate + {{ if .Values.nodeSelector }} + nodeAffinity: + required: + nodeSelectorTerms: + - matchExpressions: + {{- range $k, $v := .Values.nodeSelector }} + - key: "{{ $k }}" + operator: In + values: + - "{{ $v }}" + {{- end }} + {{ end }} +{{- end }} diff --git a/charts/mailu/templates/pvc.yaml b/charts/mailu/templates/pvc.yaml new file mode 100644 index 0000000..73b2736 --- /dev/null +++ b/charts/mailu/templates/pvc.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.persistence.single_pvc (not .Values.persistence.existingClaim) -}} +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ printf "%s-storage" (include "mailu.fullname" . ) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.persistence.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.persistence.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if and (.Values.persistence.storageClass) (not .Values.persistence.hostPath) }} + storageClassName: {{ .Values.persistence.storageClass }} + {{- end }} + {{- if .Values.persistence.hostPath }} + volumeName: {{ printf "%s-storage" (include "mailu.fullname" . ) }} + {{- end }} +{{- end }} diff --git a/charts/mailu/templates/rspamd/configmap.yaml b/charts/mailu/templates/rspamd/configmap.yaml new file mode 100644 index 0000000..4f16ebc --- /dev/null +++ b/charts/mailu/templates/rspamd/configmap.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.rspamd.overrides .Values.rspamd.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-rspamd-override" (include "mailu.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: rspamd + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +{{- with .Values.rspamd.overrides }} +data: +{{- .|toYaml|nindent 2 }} +{{ end }} +{{ end }} diff --git a/charts/mailu/templates/rspamd/deployment.yaml b/charts/mailu/templates/rspamd/deployment.yaml new file mode 100644 index 0000000..1c2ffaf --- /dev/null +++ b/charts/mailu/templates/rspamd/deployment.yaml @@ -0,0 +1,150 @@ +--- +{{- if .Values.rspamd.enabled }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ printf "%s-rspamd" (include "mailu.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: rspamd + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + {{- if .Values.rspamd.updateStrategy }} + strategy: {{- toYaml .Values.rspamd.updateStrategy | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.rspamd.revisionHistoryLimit }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: rspamd + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: rspamd + {{- if .Values.rspamd.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.rspamd.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.rspamd.podAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.rspamd.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- include "common.images.pullSecrets" (dict "images" (list .Values.rspamd.image) "global" .Values.global) | nindent 6 }} + {{- if .Values.rspamd.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.rspamd.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.rspamd.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.rspamd.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.rspamd.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.rspamd.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.rspamd.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.rspamd.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.rspamd.priorityClassName }} + priorityClassName: {{ .Values.rspamd.priorityClassName | quote }} + {{- end }} + {{- if .Values.rspamd.schedulerName }} + schedulerName: {{ .Values.rspamd.schedulerName | quote }} + {{- end }} + {{- if .Values.rspamd.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.rspamd.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.rspamd.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.rspamd.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.rspamd.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.rspamd.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.rspamd.podSecurityContext.enabled }} + securityContext: {{- omit .Values.rspamd.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + hostname: rspamd # https://github.com/Mailu/helm-charts/issues/95 + containers: + - name: rspamd + image: {{ .Values.imageRegistry }}/{{ .Values.rspamd.image.repository }}:{{ default (include "mailu.version" .) .Values.rspamd.image.tag }} + imagePullPolicy: {{ .Values.rspamd.image.pullPolicy }} + {{- if .Values.rspamd.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.rspamd.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + subPath: rspamd + mountPath: /var/lib/rspamd + - name: data + subPath: rspamd-local.d-maps.d + mountPath: /etc/rspamd/local.d/maps.d + {{- if .Values.rspamd.overrides }} + - name: overrides + mountPath: /overrides + {{- end }} + {{- if .Values.rspamd.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.rspamd.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + env: + - name: LOG_LEVEL + value: {{ default .Values.logLevel .Values.rspamd.logLevel }} + {{- tpl (include "mailu.envvars.secrets" .) $ | nindent 12 }} + {{- if .Values.rspamd.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.rspamd.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + - configMapRef: + name: {{ printf "%s-envvars" (include "mailu.fullname" .) }} + {{- if .Values.rspamd.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.rspamd.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.rspamd.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.rspamd.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: rspamd + containerPort: 11332 + protocol: TCP + - name: rspamd-http + containerPort: 11334 + protocol: TCP + {{- if .Values.rspamd.resources }} + resources: {{- toYaml .Values.rspamd.resources | nindent 12 }} + {{- end }} + {{- if .Values.rspamd.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.rspamd.startupProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: / + port: rspamd-http + {{- end }} + {{- if .Values.rspamd.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.rspamd.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: / + port: rspamd-http + {{- end }} + {{- if .Values.rspamd.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.rspamd.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: / + port: rspamd-http + {{- end }} + {{- if .Values.rspamd.extraContainers }} + {{- toYaml .Values.rspamd.extraContainers | nindent 8 }} + {{- end }} + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ include "mailu.rspamd.claimName" . }} + {{- if .Values.rspamd.overrides }} + - name: overrides + configMap: + name: {{ printf "%s-rspamd-override" (include "mailu.fullname" .) }} + {{- end }} + {{- if .Values.rspamd.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.rspamd.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{ end }} diff --git a/charts/mailu/templates/rspamd/pvc.yaml b/charts/mailu/templates/rspamd/pvc.yaml new file mode 100644 index 0000000..32e82da --- /dev/null +++ b/charts/mailu/templates/rspamd/pvc.yaml @@ -0,0 +1,33 @@ +--- +{{- if and (not .Values.persistence.single_pvc) .Values.rspamd.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "mailu.rspamd.claimName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: rspamd + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.rspamd.persistence.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.rspamd.persistence.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.rspamd.persistence.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + accessModes: + {{- range .Values.rspamd.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.rspamd.persistence.size | quote }} + {{- if .Values.rspamd.persistence.storageClass }} + storageClassName: {{ .Values.rspamd.persistence.storageClass }} + {{- end }} +{{- end }} diff --git a/charts/mailu/templates/rspamd/service.yaml b/charts/mailu/templates/rspamd/service.yaml new file mode 100644 index 0000000..5ae3eb6 --- /dev/null +++ b/charts/mailu/templates/rspamd/service.yaml @@ -0,0 +1,26 @@ +--- +{{- if .Values.rspamd.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mailu.rspamd.serviceName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: rspamd + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.rspamd.service.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.rspamd.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: rspamd + ports: + - name: rspamd + port: 11332 + protocol: TCP + - name: rspamd-http + protocol: TCP + port: 11334 +{{ end }} diff --git a/charts/mailu/templates/secret-api.yaml b/charts/mailu/templates/secret-api.yaml new file mode 100644 index 0000000..4cff4d3 --- /dev/null +++ b/charts/mailu/templates/secret-api.yaml @@ -0,0 +1,17 @@ +{{- if and (.Values.api.enabled) (not .Values.api.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "mailu.api.secretName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" . ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{ include "mailu.api.secretKey" . -}}: {{ include "mailu.api.token" . }} +{{- end }} diff --git a/charts/mailu/templates/secret-external-db.yaml b/charts/mailu/templates/secret-external-db.yaml new file mode 100644 index 0000000..32b72a9 --- /dev/null +++ b/charts/mailu/templates/secret-external-db.yaml @@ -0,0 +1,20 @@ +--- +{{- if and .Values.externalDatabase.enabled (not .Values.externalDatabase.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "mailu.database.external.secretName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" . ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{ .Values.externalDatabase.existingSecretDatabaseKey -}}: {{ (include "mailu.database.external.database" . ) | toString | b64enc | quote }} + {{ .Values.externalDatabase.existingSecretUsernameKey -}}: {{ (include "mailu.database.external.username" . ) | toString | b64enc | quote }} + {{ .Values.externalDatabase.existingSecretPasswordKey -}}: {{ (include "mailu.database.external.password" . ) | toString | b64enc | quote }} +{{- end }} diff --git a/charts/mailu/templates/secret-external-relay.yaml b/charts/mailu/templates/secret-external-relay.yaml new file mode 100644 index 0000000..f1244c8 --- /dev/null +++ b/charts/mailu/templates/secret-external-relay.yaml @@ -0,0 +1,19 @@ +--- +{{- if and .Values.externalRelay.host (not .Values.externalRelay.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "mailu.externalRelay.secretName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" . ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{ .Values.externalRelay.usernameKey -}}: {{ (include "mailu.externalRelay.username" . ) }} + {{ .Values.externalRelay.passwordKey -}}: {{ (include "mailu.externalRelay.password" . ) }} +{{- end }} diff --git a/charts/mailu/templates/secret-initial-account.yaml b/charts/mailu/templates/secret-initial-account.yaml new file mode 100644 index 0000000..cf113fb --- /dev/null +++ b/charts/mailu/templates/secret-initial-account.yaml @@ -0,0 +1,17 @@ +{{- if and (.Values.initialAccount) (not .Values.initialAccount.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "mailu.initialAccount.secretName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" . ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{ include "mailu.initialAccount.secretKey" . -}}: {{ include "mailu.initialAccount.password" . }} +{{- end }} diff --git a/charts/mailu/templates/secret-key-secret.yaml b/charts/mailu/templates/secret-key-secret.yaml new file mode 100644 index 0000000..7b98398 --- /dev/null +++ b/charts/mailu/templates/secret-key-secret.yaml @@ -0,0 +1,17 @@ +{{- if not .Values.existingSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "mailu.fullname" . }}-secret + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" . ) | nindent 4 }} + {{- end }} +type: Opaque +data: + secret-key: {{ include "mailu.secretKey" . }} +{{- end }} diff --git a/charts/mailu/templates/secrets-tls.yaml b/charts/mailu/templates/secrets-tls.yaml new file mode 100644 index 0000000..d0a85ca --- /dev/null +++ b/charts/mailu/templates/secrets-tls.yaml @@ -0,0 +1,45 @@ +{{- if .Values.ingress.enabled }} +{{- if .Values.ingress.secrets }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + {{- if $.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +{{- end }} +{{- end }} + +--- +{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $ca := genCA "mailu-ca" 365 }} +{{- $cert := genSignedCert (.Values.hostnames | first) nil (.Values.hostnames) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "mailu.certificatesSecretName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ $cert.Cert | b64enc | quote }} + tls.key: {{ $cert.Key | b64enc | quote }} + ca.crt: {{ $ca.Cert | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/charts/mailu/templates/tika/deployment.yaml b/charts/mailu/templates/tika/deployment.yaml new file mode 100644 index 0000000..125d2e9 --- /dev/null +++ b/charts/mailu/templates/tika/deployment.yaml @@ -0,0 +1,128 @@ +--- +{{- if .Values.tika.enabled }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ printf "%s-tika" (include "mailu.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: tika + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + {{- if .Values.tika.updateStrategy }} + strategy: {{- toYaml .Values.tika.updateStrategy | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.tika.revisionHistoryLimit }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: tika + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: tika + {{- if .Values.tika.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.tika.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tika.podAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.tika.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- include "common.images.pullSecrets" (dict "images" (list .Values.tika.image) "global" .Values.global) | nindent 6 }} + {{- if .Values.tika.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.tika.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tika.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.tika.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tika.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.tika.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tika.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tika.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tika.priorityClassName }} + priorityClassName: {{ .Values.tika.priorityClassName | quote }} + {{- end }} + {{- if .Values.tika.schedulerName }} + schedulerName: {{ .Values.tika.schedulerName | quote }} + {{- end }} + {{- if .Values.tika.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.tika.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tika.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.tika.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.tika.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.tika.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tika.podSecurityContext.enabled }} + securityContext: {{- omit .Values.tika.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: tika + image: {{ .Values.tika.image.registry }}/{{ .Values.tika.image.repository }}:{{ .Values.tika.image.tag }} + imagePullPolicy: {{ .Values.tika.image.pullPolicy }} + {{- if .Values.tika.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.tika.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.tika.extraVolumeMounts }} + volumeMounts: + {{- include "common.tplvalues.render" (dict "value" .Values.tika.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + env: + - name: LOG_LEVEL + value: {{ default .Values.logLevel .Values.tika.logLevel }} + {{- tpl (include "mailu.envvars.secrets" .) $ | nindent 12 }} + {{- if .Values.tika.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.tika.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + - configMapRef: + name: {{ printf "%s-envvars" (include "mailu.fullname" .) }} + {{- if .Values.tika.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.tika.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.tika.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.tika.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: http + containerPort: 9998 + protocol: TCP + {{- if .Values.tika.resources }} + resources: {{- toYaml .Values.tika.resources | nindent 12 }} + {{- end }} + {{- if .Values.tika.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.tika.startupProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /tika + port: http + {{- end }} + {{- if .Values.tika.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.tika.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /tika + port: http + {{- end }} + {{- if .Values.tika.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.tika.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /tika + port: http + {{- end }} + {{- if .Values.tika.extraContainers }} + {{- toYaml .Values.tika.extraContainers | nindent 8 }} + {{- end }} + {{- if .Values.tika.extraVolumes }} + volumes: + {{- include "common.tplvalues.render" (dict "value" .Values.tika.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/mailu/templates/tika/service.yaml b/charts/mailu/templates/tika/service.yaml new file mode 100644 index 0000000..6ffa333 --- /dev/null +++ b/charts/mailu/templates/tika/service.yaml @@ -0,0 +1,23 @@ +--- +{{- if .Values.tika.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mailu.tika.serviceName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: tika + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.tika.service.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.tika.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: tika + ports: + - name: http + port: 9998 + protocol: TCP +{{- end }} diff --git a/charts/mailu/templates/webdav/deployment.yaml b/charts/mailu/templates/webdav/deployment.yaml new file mode 100644 index 0000000..2ab9cc6 --- /dev/null +++ b/charts/mailu/templates/webdav/deployment.yaml @@ -0,0 +1,140 @@ +--- +{{- if .Values.webdav.enabled }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ printf "%s-webdav" (include "mailu.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: webdav + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + {{- if .Values.webdav.updateStrategy }} + strategy: {{- toYaml .Values.webdav.updateStrategy | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.webdav.revisionHistoryLimit }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: webdav + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: webdav + {{- if .Values.webdav.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.webdav.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webdav.podAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.webdav.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- include "common.images.pullSecrets" (dict "images" (list .Values.webdav.image) "global" .Values.global) | nindent 6 }} + {{- if .Values.webdav.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webdav.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webdav.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webdav.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webdav.priorityClassName }} + priorityClassName: {{ .Values.webdav.priorityClassName | quote }} + {{- end }} + {{- if .Values.webdav.schedulerName }} + schedulerName: {{ .Values.webdav.schedulerName | quote }} + {{- end }} + {{- if .Values.webdav.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webdav.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.webdav.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.webdav.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webdav.podSecurityContext.enabled }} + securityContext: {{- omit .Values.webdav.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: webdav + image: {{ .Values.imageRegistry }}/{{ .Values.webdav.image.repository }}:{{ default (include "mailu.version" .) .Values.webdav.image.tag }} + imagePullPolicy: {{ .Values.webdav.image.pullPolicy }} + {{- if .Values.webdav.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.webdav.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + subPath: webdav + mountPath: /data + {{- if .Values.webdav.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.webdav.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + env: + - name: LOG_LEVEL + value: {{ default .Values.logLevel .Values.webdav.logLevel }} + {{- tpl (include "mailu.envvars.secrets" .) $ | nindent 12 }} + {{- if .Values.webdav.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.webdav.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + - configMapRef: + name: {{ printf "%s-envvars" (include "mailu.fullname" .) }} + {{- if .Values.webdav.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.webdav.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.webdav.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.webdav.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: http + containerPort: 5232 + protocol: TCP + {{- if .Values.webdav.resources }} + resources: {{- toYaml .Values.webdav.resources | nindent 12 }} + {{- end }} + {{- if .Values.webdav.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.webdav.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'ps ax | grep [/]radicale.conf' + {{- end }} + {{- if .Values.webdav.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.webdav.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'ps ax | grep [/]radicale.conf' + {{- end }} + {{- if .Values.webdav.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.webdav.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - 'ps ax | grep [/]radicale.conf' + {{- end }} + {{- if .Values.webdav.extraContainers }} + {{- toYaml .Values.webdav.extraContainers | nindent 8 }} + {{- end }} + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ include "mailu.webdav.claimName" . }} + {{- if .Values.webdav.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.webdav.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/mailu/templates/webdav/pvc.yaml b/charts/mailu/templates/webdav/pvc.yaml new file mode 100644 index 0000000..1af159a --- /dev/null +++ b/charts/mailu/templates/webdav/pvc.yaml @@ -0,0 +1,33 @@ +--- +{{- if and (.Values.webdav.enabled) (not .Values.persistence.single_pvc) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "mailu.webdav.claimName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: webdav + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.webdav.persistence.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.webdav.persistence.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.webdav.persistence.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + accessModes: + {{- range .Values.webdav.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.webdav.persistence.size | quote }} + {{- if .Values.webdav.persistence.storageClass }} + storageClassName: {{ .Values.webdav.persistence.storageClass }} + {{- end }} +{{- end }} diff --git a/charts/mailu/templates/webdav/service.yaml b/charts/mailu/templates/webdav/service.yaml new file mode 100644 index 0000000..b799dbb --- /dev/null +++ b/charts/mailu/templates/webdav/service.yaml @@ -0,0 +1,23 @@ +--- +{{- if .Values.webdav.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mailu.webdav.serviceName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: webdav + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.webdav.service.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.webdav.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: webdav + ports: + - name: http + port: 5232 + protocol: TCP +{{- end }} diff --git a/charts/mailu/templates/webmail/deployment.yaml b/charts/mailu/templates/webmail/deployment.yaml new file mode 100644 index 0000000..1b02c26 --- /dev/null +++ b/charts/mailu/templates/webmail/deployment.yaml @@ -0,0 +1,149 @@ +--- +{{- if .Values.webmail.enabled }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ printf "%s-webmail" (include "mailu.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: webmail + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + {{- if .Values.webmail.updateStrategy }} + strategy: {{- toYaml .Values.webmail.updateStrategy | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.webmail.revisionHistoryLimit }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: webmail + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: webmail + {{- if .Values.webmail.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.webmail.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webmail.podAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.webmail.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- include "common.images.pullSecrets" (dict "images" (list .Values.webmail.image) "global" .Values.global) | nindent 6 }} + {{- if .Values.webmail.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.webmail.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webmail.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.webmail.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webmail.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.webmail.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webmail.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.webmail.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webmail.priorityClassName }} + priorityClassName: {{ .Values.webmail.priorityClassName | quote }} + {{- end }} + {{- if .Values.webmail.schedulerName }} + schedulerName: {{ .Values.webmail.schedulerName | quote }} + {{- end }} + {{- if .Values.webmail.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.webmail.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webmail.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.webmail.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.webmail.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.webmail.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.webmail.podSecurityContext.enabled }} + securityContext: {{- omit .Values.webmail.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: webmail + image: {{ .Values.imageRegistry }}/{{ .Values.webmail.image.repository }}:{{ default (include "mailu.version" .) .Values.webmail.image.tag }} + imagePullPolicy: {{ .Values.webmail.image.pullPolicy }} + {{- if .Values.webmail.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.webmail.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /data + name: data + subPath: webmail + {{- if .Values.webmail.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.webmail.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + env: + - name: LOG_LEVEL + value: {{ default .Values.logLevel .Values.webmail.logLevel }} + {{- tpl (include "mailu.envvars.secrets" .) $ | nindent 12 }} + {{- if .Values.webmail.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.webmail.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + - configMapRef: + name: {{ printf "%s-envvars" (include "mailu.fullname" .) }} + {{- if .Values.webmail.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.webmail.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.webmail.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.webmail.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: http + containerPort: 80 + protocol: TCP + {{- if .Values.webmail.resources }} + resources: {{- toYaml .Values.webmail.resources | nindent 12 }} + {{- end }} + {{- if .Values.webmail.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.webmail.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - curl + - -f + - -L + - -H + - 'User-Agent: health' + - "http://localhost/ping" + {{- end }} + {{- if .Values.webmail.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.webmail.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - curl + - -f + - -L + - -H + - 'User-Agent: health' + - "http://localhost/ping" + {{- end }} + {{- if .Values.webmail.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.webmail.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - curl + - -f + - -L + - -H + - 'User-Agent: health' + - "http://localhost/ping" + {{- end }} + {{- if .Values.webmail.extraContainers }} + {{- toYaml .Values.webmail.extraContainers | nindent 8 }} + {{- end }} + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ include "mailu.webmail.claimName" . }} + {{- if .Values.webmail.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.webmail.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/mailu/templates/webmail/pvc.yaml b/charts/mailu/templates/webmail/pvc.yaml new file mode 100644 index 0000000..bed6414 --- /dev/null +++ b/charts/mailu/templates/webmail/pvc.yaml @@ -0,0 +1,33 @@ +--- +{{- if and (.Values.webmail.enabled) (not .Values.persistence.single_pvc) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "mailu.webmail.claimName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: webmail + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.webmail.persistence.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.webmail.persistence.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.webmail.persistence.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + accessModes: + {{- range .Values.webmail.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.webmail.persistence.size | quote }} + {{- if .Values.webmail.persistence.storageClass }} + storageClassName: {{ .Values.webmail.persistence.storageClass }} + {{- end }} +{{- end }} diff --git a/charts/mailu/templates/webmail/secret.yaml b/charts/mailu/templates/webmail/secret.yaml new file mode 100644 index 0000000..7805bd0 --- /dev/null +++ b/charts/mailu/templates/webmail/secret.yaml @@ -0,0 +1,19 @@ +--- +{{- if and (not .Values.global.database.roundcube.existingSecret) .Values.webmail.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "mailu.database.roundcube.secretName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: webmail + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.webmail.service.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.webmail.service.annotations "context" $) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{ include "mailu.database.roundcube.secretKey" . -}}: {{ (include "mailu.database.roundcube.password" . ) }} +{{- end }} diff --git a/charts/mailu/templates/webmail/service.yaml b/charts/mailu/templates/webmail/service.yaml new file mode 100644 index 0000000..b5ef7a0 --- /dev/null +++ b/charts/mailu/templates/webmail/service.yaml @@ -0,0 +1,23 @@ +--- +{{- if .Values.webmail.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mailu.webmail.serviceName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: webmail + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.webmail.service.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.webmail.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: webmail + ports: + - name: http + port: 80 + protocol: TCP +{{- end }} diff --git a/charts/mailu/values.yaml b/charts/mailu/values.yaml new file mode 100644 index 0000000..9d3ca94 --- /dev/null +++ b/charts/mailu/values.yaml @@ -0,0 +1,3014 @@ +## Default values for mailu. + +## @section Global parameters +## Global common parameters (see Bitnamis common chart) +## @param global.imageRegistry Global container image registry +## @param global.imagePullSecrets Global container image pull secret +## @param global.storageClass Global storageClass to use for persistent volumes +global: + imageRegistry: "" + imagePullSecrets: [] + storageClass: "" + + database: + ## @param global.database.roundcube.database Name of the roundcube database + ## @param global.database.roundcube.username Username to use for the roundcube database + ## @param global.database.roundcube.password Password to use for the roundcube database + ## @param global.database.roundcube.existingSecret Name of an existing secret to use for the roundcube database + ## @param global.database.roundcube.existingSecretPasswordKey Name of the key in the existing secret to use for the roundcube database password + roundcube: + database: roundcube + username: roundcube + password: "" + existingSecret: "" + existingSecretPasswordKey: "" + +## @section Common parameters + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +kubeVersion: "" +## @param nameOverride String to partially override mailu.fullname include (will maintain the release name) +nameOverride: "" +## @param fullnameOverride String to fully override mailu.fullname template +fullnameOverride: "" +## @param commonLabels Add labels to all the deployed resources +commonLabels: {} +## @param commonAnnotations Add annotations to all the deployed resources +commonAnnotations: {} + +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## @param tolerations Tolerations for pod assignment +tolerations: [] + +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## @param affinity Affinity for pod assignment +affinity: {} + +## @param imageRegistry Container registry to use for all Mailu images +imageRegistry: ghcr.io + +## @section Mailu parameters + +## e.g.: +## hostnames: +## - mail.example.com +## - imap.example.com +## @param hostnames List of hostnames to generate certificates and ingresses for. The first will be used as primary mail hostname. +hostnames: [] + +## e.g.: +## domain: example.com +## @param domain Mail domain name. See https://github.com/Mailu/Mailu/blob/master/docs/faq.rst#what-is-the-difference-between-domain-and-hostnames +domain: "" + +## e.g.: +## secretKey: chang3m3! +## @param secretKey The secret key is required for protecting authentication cookies and must be set individually for each deployment +## If empty, a random secret key will be generated and saved in a secret +secretKey: "" + +## e.g.: +## existingSecret: mailu-secret +## @param existingSecret Name of the existing secret to retrieve the secretKey. +## The secret has to contain the secretKey value under the `secret-key` key. +existingSecret: "" + +## @param timezone Timezone to use for the containers +timezone: "Etc/UTC" + +## e.g.: +## initialAccount: +## username: mailadmin +## domain: mydomain.com +## password: "" +## existingSecret: mailu-secret +## +## @param initialAccount.enabled Enable the creation of the initial account +## @param initialAccount.username Username of the initial account +## @param initialAccount.domain Domain of the initial account +## @param initialAccount.password Password of the initial account; ignored if using existing secret; if empty, a random password will be generated and saved in a secret +## @param initialAccount.existingSecret Name of the existing secret to retrieve the initial account's password +## @param initialAccount.existingSecretPasswordKey Name of the key in the existing secret to use for the initial account's password +## @param initialAccount.mode How to treat the creationg of the initial account. Possible values: "create", "update" or "ifmissing" +initialAccount: + enabled: false + username: "" + domain: "" + password: "" + existingSecret: "" + existingSecretPasswordKey: "" + mode: "update" + +## @param api.enabled Enable the API interface +## @param api.token Token to use for the API interface - if empty, a random token will be generated and saved in a secret +## @param api.existingSecret Name of the existing secret to retrieve the API token - if set, the token will be ignored +## @param api.existingSecretTokenKey Name of the key in the existing secret to use for the API token +## @param api.webPath Path for the API interface +api: + enabled: false + token: "" + existingSecret: "" + existingSecretTokenKey: "api-token" + webPath: "/api" + +## @param subnet Change this if you're using different address ranges for pods (IPv4) +subnet: 10.42.0.0/16 + +## @param subnet6 Change this if you're using different address ranges for pods (IPv6) +subnet6: "" + +networkPolicy: + ## @param networkPolicy.enabled Enable network policy + enabled: false + + ## @param networkPolicy.ingressController.namespace Namespace where the ingress controller is deployed + ## @param networkPolicy.ingressController.podSelector Selector for the ingress controller pods + ingressController: + namespace: ingress-nginx + podSelector: | + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + +## @param mailuVersion Override Mailu version to be deployed (tag of mailu images). Defaults to `Chart.AppVersion` - must be master or a version >= 2.0 +mailuVersion: "" + +## @param logLevel default log level. can be overridden globally or per service +logLevel: WARNING + +## @param postmaster local part of the postmaster email address (Mailu will use @$DOMAIN as domain part) +postmaster: postmaster + +## @param recipientDelimiter The delimiter used to separate local part from extension in recipient addresses +recipientDelimiter: "+" + +## @param dmarc.rua Local part of the DMARC report email address (Mailu will use @$DOMAIN as domain part) +## @param dmarc.ruf Local part of the DMARC failure report email address (Mailu will use @$DOMAIN as domain part) +dmarc: + rua: "" + ruf: "" + +limits: + ## @param limits.messageSizeLimitInMegabytes Maximum size of an email in megabytes + messageSizeLimitInMegabytes: 50 + + ## Configuration to prevent brute-force attacks. See the documentation for further information: https://mailu.io/master/configuration.html + ## @param limits.authRatelimit.ip Sets the `AUTH_RATELIMIT_IP` environment variable in the `admin` pod + ## @param limits.authRatelimit.ipv4Mask Sets the `AUTH_RATELIMIT_IP_V4_MASK` environment variable in the `admin` pod + ## @param limits.authRatelimit.ipv6Mask Sets the `AUTH_RATELIMIT_IP_V6_MASK` environment variable in the `admin` pod + ## @param limits.authRatelimit.user Sets the `AUTH_RATELIMIT_USER` environment variable in the `admin` pod + ## @param limits.authRatelimit.exemptionLength Sets the `AUTH_RATELIMIT_EXEMPTION_LENGTH` environment variable in the `admin` pod + ## @param limits.authRatelimit.exemption Sets the `AUTH_RATELIMIT_EXEMPTION` environment variable in the `admin` pod + authRatelimit: + ip: 60/hour + ipv4Mask: 24 + ipv6Mask: 56 + user: 100/day + exemptionLength: 86400 + exemption: "" + + # Configuration to reduce outgoing spam in case of a compromised account. See the documentation for further information: https://mailu.io/1.9/configuration.html?highlight=MESSAGE_RATELIMIT + ## @param limits.messageRatelimit.value Sets the `MESSAGE_RATELIMIT` environment variable in the `admin` pod + ## @param limits.messageRatelimit.exemption Sets the `MESSAGE_RATELIMIT_EXEMPTION` environment variable in the `admin` pod + messageRatelimit: + value: 200/day + exemption: "" + +## Mailu external relay configuration +## Example: +## externalRelay: +## host: "[domain.tld]:port" +## username: username +## password: SECRET +## # username and password can also be stored as secret: +## existingSecret: external-relay-secret +## usernameKey: username +## passwordKey: password +## networks: ["10.0.0.0/24", "2001:db8::/32"] +## @param externalRelay.host Hostname of the external relay +## @param externalRelay.username Username for the external relay +## @param externalRelay.password Password for the external relay +## @param externalRelay.existingSecret Name of the secret containing the username and password for the external relay; if set, username and password will be ignored +## @param externalRelay.usernameKey Key in the secret containing the username for the external relay +## @param externalRelay.passwordKey Key in the secret containing the password for the external relay +## @param externalRelay.networks List of networks that are allowed to use Mailu as external relay +externalRelay: + host: "" + username: "" + password: "" + existingSecret: "" + usernameKey: "relay-username" + passwordKey: "relay-password" + networks: [] + +## @param clusterDomain Kubernetes cluster domain name +clusterDomain: cluster.local + +## @param credentialRounds Number of rounds to use for password hashing +credentialRounds: 12 + +## @param sessionCookieSecure Controls the secure flag on the cookies of the administrative interface. +## It should only be turned off if you intend to access it over plain HTTP. +sessionCookieSecure: true + +## @param authRequireTokens Require tokens for authentication +authRequireTokens: false + +## @param sessionTimeout Maximum amount of time in seconds between requests before a session is invalidated +sessionTimeout: 3600 + +## @param permanentSessionLifetime Maximum amount of time in seconds a session can be kept alive for if it hasn’t timed-out +permanentSessionLifetime: 2592000 + +## @param letsencryptShortchain Controls whether we send the ISRG Root X1 certificate in TLS handshakes. +## This is required for android handsets older than 7.1.1 but slows down the performance of modern devices. +letsencryptShortchain: false + +## @param customization.siteName Website name +## @param customization.website URL of the website +## @param customization.logoUrl Sets a URL for a custom logo. This logo replaces the Mailu logo in the topleft of the main admin interface. +## @param customization.logoBackground Sets a custom background colour for the brand logo in the top left of the main admin interface. +customization: + siteName: "Mailu" + website: "https://mailu.io" + logoUrl: "" + logoBackground: "" + +## @param welcomeMessage.enabled Enable welcome message +## @param welcomeMessage.subject Subject of the welcome message +## @param welcomeMessage.body Body of the welcome message +welcomeMessage: + enabled: true + subject: "Welcome to Mailu" + body: "Welcome to Mailu, your new email service. Please change your password and update your profile." + +## @param wildcardSenders List of user emails that can send emails from any address +wildcardSenders: [] + +## @param tls.outboundLevel Sets the `OUTBOUND_TLS_LEVEL` environment variable +## @param tls.deferOnError Sets the `DEFER_ON_TLS_ERROR` environment variable +## @param tls.inboundEnforce Sets the `INBOUND_TLS_ENFORCE` environment variable +tls: + outboundLevel: "" + deferOnError: "" + inboundEnforce: "" + +## @section Storage parameters + +## If deploying mariadb or postgresql from this chart (see `mariadb.enabled` and `postgresql.enabled`), +## the username, password and database name for the `mailu` database needs to be configured in the respective sections. +## If using an external database, the `mailu` database needs to be created manually and the credentials need to be configured here. +## The `roundcube` database needs to be configured under the `global.database` section. +## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically. +externalDatabase: + ## @param externalDatabase.enabled Set to true to use an external database + enabled: false + + ## @param externalDatabase.type Type of the external database for mailu and roundcube (`mysql`/`postgresql`) + ## Use `mysql` for MariaDB + type: "" + + ## @param externalDatabase.host Hostname of the database + host: "" + + ## @param externalDatabase.port Port of the database + port: 3306 + + ## @param externalDatabase.database Name of the database + database: mailu + + ## @param externalDatabase.username Username to use for the database + username: mailu + + ## @param externalDatabase.password Password to use for the database + password: "" + + ## @param externalDatabase.existingSecret Name of the secret containing the database credentials + existingSecret: "" + + ## @param externalDatabase.existingSecretDatabaseKey Key in the secret containing the database name + existingSecretDatabaseKey: "database" + + ## @param externalDatabase.existingSecretUsernameKey Key in the secret containing the database username + existingSecretUsernameKey: "username" + + ## @param externalDatabase.existingSecretPasswordKey Key in the secret containing the database password + existingSecretPasswordKey: "password" + +externalRedis: + ## @param externalRedis.enabled Set to true to use an external Redis instance (ignored if `redis.enabled` is true) + enabled: false + + ## @param externalRedis.host Hostname of the external Redis instance + host: "" + + ## @param externalRedis.port Port of the external Redis instance + port: 6379 + + ## @param externalRedis.adminQuotaDbId Redis database ID for the quota storage on the admin pod + adminQuotaDbId: 1 + + ## @param externalRedis.adminRateLimitDbId Redis database ID for the rate limit storage on the admin pod + adminRateLimitDbId: 2 + + ## @param externalRedis.rspamdDbId Redis database ID for the rspamd storage on the rspamd pod + ## Changing this value does nothing as the option is not configurable in rspamd pod yet + ## ref: https://rspamd.com/doc/configuration/redis.html#available-redis-options + rspamdDbId: 0 + +## @param database.mysql.roundcubePassword DEPRECATED - DO NOT USE: Password for the roundcube database +## @param database.postgresql.roundcubePassword DEPRECATED - DO NOT USE: Password for the roundcube database +database: + mysql: + roundcubePassword: "" + postgresql: + roundcubePassword: "" + +## MariaDB chart configuration +## for more options see https://github.com/bitnami/charts/tree/master/bitnami/mariadb +mariadb: + ## @param mariadb.enabled Enable MariaDB deployment + enabled: false + + ## @param mariadb.architecture MariaDB architecture. Allowed values: standalone or replication + architecture: standalone + + ## @param mariadb.auth.rootPassword Password for the `root` user. Ignored if existing secret is provided. + ## @param mariadb.auth.database Name for a custom database to create + ## @param mariadb.auth.username Name for a custom user to create + ## @param mariadb.auth.password Password for the new user. Ignored if existing secret is provided + ## @param mariadb.auth.existingSecret Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` + ## will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` + ## and `mariadb-password` + auth: + rootPassword: "" + database: mailu + username: mailu + password: "" + existingSecret: "" + + ## Enable persistence using Persistent Volume Claims + ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + ## @param mariadb.primary.persistence.enabled Enable persistence using PVC + ## @param mariadb.primary.persistence.storageClass PVC Storage Class for MariaDB volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## @param mariadb.primary.persistence.accessMode PVC Access Mode for MariaDB volume + ## @param mariadb.primary.persistence.size PVC Storage Request for MariaDB volume + primary: + persistence: + enabled: false + storageClass: "" + accessMode: ReadWriteOnce + size: 8Gi + + ## @skip mariadb.primary.extraEnvVars + ## Array with extra environment variables, used to create the initial `roundcube` database; DO NOT EDIT; see `global.database` instead + extraEnvVars: | + - name: ROUNDCUBE_DB_PW + valueFrom: + secretKeyRef: + name: {{ include "mailu.database.roundcube.secretName" . }} + key: {{ include "mailu.database.roundcube.secretKey" . }} + - name: ROUNDCUBE_DB_NAME + value: {{ include "mailu.database.roundcube.name" . }} + - name: ROUNDCUBE_DB_USER + value: {{ include "mailu.database.roundcube.username" . }} + + ## @skip mariadb.initdbScripts.create_roundcube_database.sh + ## DO NOT EDIT Script to create the roundcube database + initdbScripts: + create_roundcube_database.sh: | + #!/bin/bash + # set -o errexit + # set -o nounset + # set -o pipefail + echo "Checking for DB initialisation" + if [ -S /opt/bitnami/mariadb/tmp/mysql.sock ]; then + echo "Running DB initialisation..." + /opt/bitnami/mariadb/bin/mysql --user="root" --password="${MARIADB_ROOT_PASSWORD}" < + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## @param postgresql.primary.persistence.accessMode PVC Access Mode for PostgreSQL volume + ## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume + primary: + ## @skip postgresql.primary.extraEnvVars + ## Array with extra environment variables, used to create the initial `roundcube` database; DO NOT EDIT; see `global.database` instead + extraEnvVars: | + - name: ROUNDCUBE_DB_PW + valueFrom: + secretKeyRef: + name: {{ include "mailu.database.roundcube.secretName" . }} + key: {{ include "mailu.database.roundcube.secretKey" . }} + - name: ROUNDCUBE_DB_NAME + value: {{ include "mailu.database.roundcube.name" . }} + - name: ROUNDCUBE_DB_USER + value: {{ include "mailu.database.roundcube.username" . }} + + initdb: + ## @skip postgresql.primary.initdb.scripts.create_roundcube_database.sh + ## DO NOT EDIT Script to create the roundcube database + scripts: + create_roundcube_database.sh: | + #!/bin/bash + # set -o errexit + # set -o nounset + # set -o pipefail + info "Running DB initialisation..." + info "Creating database ${ROUNDCUBE_DB_NAME}..." + echo "CREATE DATABASE \"$ROUNDCUBE_DB_NAME\"" | postgresql_execute "" "postgres" "$POSTGRES_POSTGRES_PASSWORD" + info "Creating user ${ROUNDCUBE_DB_USER}" + echo "CREATE ROLE \"${ROUNDCUBE_DB_USER}\" WITH LOGIN CREATEDB PASSWORD '${ROUNDCUBE_DB_PW}';" | postgresql_execute "" "postgres" "$POSTGRES_POSTGRES_PASSWORD" + info "Granting access to \"${ROUNDCUBE_DB_USER}\" to the database \"${ROUNDCUBE_DB_NAME}\"" + echo "GRANT ALL PRIVILEGES ON DATABASE \"${ROUNDCUBE_DB_NAME}\" TO \"${ROUNDCUBE_DB_USER}\"\;" | postgresql_execute "" "postgres" "$POSTGRES_POSTGRES_PASSWORD" + echo "ALTER DATABASE \"${ROUNDCUBE_DB_NAME}\" OWNER TO \"${ROUNDCUBE_DB_USER}\"\;" | postgresql_execute "" "postgres" "$POSTGRES_POSTGRES_PASSWORD" + info "Setting ownership for the 'public' schema database \"${ROUNDCUBE_DB_NAME}\" to \"${ROUNDCUBE_DB_USER}\"" + echo "ALTER SCHEMA public OWNER TO \"${ROUNDCUBE_DB_USER}\"\;" | postgresql_execute "$ROUNDCUBE_DB_NAME" "postgres" "$POSTGRES_POSTGRES_PASSWORD" + + persistence: + enabled: false + storageClass: "" + accessMode: ReadWriteOnce + size: 8Gi + +## @param persistence.single_pvc Setings for a single volume for all apps. +## Set single_pvc: false to use a per app volume and set the properties in .persistence (ex. admin.persistence) +## @param persistence.size Size of the persistent volume claim (for single PVC) +## @param persistence.accessModes Access mode of backing PVC (for single PVC) +## @param persistence.annotations Annotations for the PVC (for single PVC) +## @param persistence.hostPath Path to mount the volume at on the host +## @param persistence.existingClaim Name of existing PVC (for single PVC) +## @param persistence.storageClass Storage class of backing PVC (for single PVC) +## @param persistence.claimNameOverride Override the name of the PVC (for single PVC) +persistence: + single_pvc: true + size: 100Gi + accessModes: [ReadWriteOnce] + annotations: {} + hostPath: "" + existingClaim: "" + storageClass: "" + claimNameOverride: "" + +## @section Ingress settings + +## Set external ingress config +ingress: + ## @param ingress.enabled Enable external ingress + enabled: true + + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ingressClassName: "" + + ## @param ingress.pathType Ingress path type + pathType: ImplementationSpecific + + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + apiVersion: "" + + ## @param ingress.path Default path for the ingress record + path: / + + ## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + annotations: {} + + ## @param ingress.tls Enable TLS configuration for the hosts defined at `hostnames` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{ printf "%s-certificates" (include "mailu.fullname" . ) }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.tls=true` and `ingress.certManager=false` + tls: true + + ## @param ingress.existingSecret Name of an existing Secret containing the TLS certificates for the Ingress + ## If empty, the expected secret name will be `{{ printf "%s-certificates" (include "mailu.fullname" . ) }}` + existingSecret: "" + + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + selfSigned: false + + ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record + ## e.g: + ## extraHosts: + ## - name: mailu.local + ## path: / + extraHosts: [] + + ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host + ## e.g: + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + extraPaths: [] + + ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - mailu.local + ## secretName: mailu.local-tls + extraTls: [] + + ## @param ingress.secrets Custom TLS certificates as secrets + ## NOTE: 'key' and 'certificate' are expected in PEM format + ## NOTE: 'name' should line up with a 'secretName' set further up + ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days (if `ingress.selfSigned=true`) + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## secrets: + ## - name: mailu.local-tls + ## key: |- + ## -----BEGIN RSA PRIVATE KEY----- + ## ... + ## -----END RSA PRIVATE KEY----- + ## certificate: |- + ## -----BEGIN CERTIFICATE----- + ## ... + ## -----END CERTIFICATE----- + secrets: [] + + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: mailu.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + extraRules: [] + + ## @param ingress.realIpHeader Sets the value of `REAL_IP_HEADER` environment variable in the `front` pod + realIpHeader: X-Forwarded-For + + ## @param ingress.realIpFrom Sets the value of `REAL_IP_FROM` environment variable in the `front` pod + realIpFrom: "" + + ## @param ingress.tlsFlavorOverride Overrides the value of `TLS_FLAVOR` environment variable in the `front` pod + ## This is normally auto-detected, only change it if you know what you are doing. + tlsFlavorOverride: "" + + ## @param ingress.proxyProtocol.pop3 Enable PROXY protocol for POP3 (110/tcp) + ## @param ingress.proxyProtocol.pop3s Enable PROXY protocol for POP3S (995/tcp) + ## @param ingress.proxyProtocol.imap Enable PROXY protocol for IMAP (143/tcp) + ## @param ingress.proxyProtocol.imaps Enable PROXY protocol for IMAPS (993/tcp) + ## @param ingress.proxyProtocol.smtp Enable PROXY protocol for SMTP (25/tcp) + ## @param ingress.proxyProtocol.smtps Enable PROXY protocol for SMTPS (465/tcp) + ## @param ingress.proxyProtocol.submission Enable PROXY protocol for Submission (587/tcp) + ## @param ingress.proxyProtocol.manageSieve Enable PROXY protocol for ManageSieve (4190/tcp) + ## Enabling any of these requires to have ingress.realIpFrom set + proxyProtocol: + pop3: false + pop3s: false + imap: false + imaps: false + smtp: false + smtps: false + submission: false + manageSieve: false + +## @section Proxy auth configuration +## ref: https://mailu.io/master/configuration.html#header-authentication-using-an-external-proxy +proxyAuth: + ## @param proxyAuth.whitelist Comma separated list of CIDRs of proxies to trust for authentication + whitelist: "" + + ## @param proxyAuth.header HTTP header containing the email address of the user to authenticate + header: "X-Auth-Email" + + ## @param proxyAuth.create Whether non-existing accounts should be auto-created + create: "false" + +## @section Frontend load balancer for non-HTTP(s) services +front: + ## @param front.logLevel Override default log level + logLevel: "" + + ## Pod image + ## @param front.image.repository Pod image repository + ## @param front.image.tag Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) + ## @param front.image.pullPolicy Pod image pull policy + image: + repository: mailu/nginx + tag: "" + pullPolicy: IfNotPresent + + ## front.controller.kind Deployment only supported for now + # controller: + # kind: Deployment + + ## @param front.hostPort.enabled Expose front mail ports via hostPort + hostPort: + enabled: true + + ## Expose front mail ports via external service (ClusterIP or LoadBalancer) + ## @param front.externalService.enabled Expose front mail ports via external service (ClusterIP or LoadBalancer) + ## @param front.externalService.type Service type (ClusterIP or LoadBalancer) + ## @param front.externalService.externalTrafficPolicy Service externalTrafficPolicy (Cluster or Local) + ## @param front.externalService.loadBalancerIP Service loadBalancerIP + ## @param front.externalService.annotations Service annotations + ## @param front.externalService.ports.pop3 Expose POP3 port - 110/tcp + ## @param front.externalService.ports.pop3s Expose POP3 port (TLS) - 995/tcp + ## @param front.externalService.ports.imap Expose IMAP port - 143/tcp + ## @param front.externalService.ports.imaps Expose IMAP port (TLS) - 993/tcp + ## @param front.externalService.ports.smtp Expose SMTP port - 25/tcp + ## @param front.externalService.ports.smtps Expose SMTP port (TLS) - 465/tcp + ## @param front.externalService.ports.submission Expose Submission port - 587/tcp + ## @param front.externalService.ports.manageSieve Expose ManageSieve port - 4190/tcp + ## @param front.externalService.nodePorts.pop3 NodePort to use for POP3 (defaults to 110/tcp) + ## @param front.externalService.nodePorts.pop3s NodePort to use for POP3 (TLS) (defaults to 995/tcp) + ## @param front.externalService.nodePorts.imap NodePort to use for IMAP (defaults to 143/tcp) + ## @param front.externalService.nodePorts.imaps NodePort to use for IMAP (TLS) (defaults to 993/tcp) + ## @param front.externalService.nodePorts.smtp NodePort to use for SMTP (defaults to 25/tcp) + ## @param front.externalService.nodePorts.smtps NodePort to use for SMTP (TLS) (defaults to 465/tcp) + ## @param front.externalService.nodePorts.submission NodePort to use for Submission (defaults to 587/tcp) + ## @param front.externalService.nodePorts.manageSieve NodePort to use for ManageSieve (defaults to 4190/tcp) + externalService: + enabled: false + type: ClusterIP + ## Example for LoadBalancer: + ## type: LoadBalancer + loadBalancerIP: "" + externalTrafficPolicy: Local + annotations: {} + ports: + pop3: false + pop3s: true + imap: false + imaps: true + smtp: true + smtps: true + submission: false + manageSieve: true + nodePorts: + pop3: 110 + pop3s: 995 + imap: 143 + imaps: 993 + smtp: 25 + smtps: 465 + submission: 587 + manageSieve: 4190 + + ## @param front.kind Kind of resource to create for the front (`Deployment` or `DaemonSet`) + kind: Deployment + + ## @param front.replicaCount Number of front replicas to deploy (only for `Deployment` kind) + replicaCount: 1 + + ## Pod resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param front.resources.limits The resources limits for the container + ## @param front.resources.requests The requested resources for the container + ## + resources: + ## Example: + ## limits: + ## cpu: 200m + ## memory: 200Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 25m + ## memory: 100Mi + requests: {} + + ## Liveness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param front.livenessProbe.enabled Enable livenessProbe + ## @param front.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param front.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param front.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param front.livenessProbe.successThreshold Success threshold for livenessProbe + ## @param front.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + + ## Readiness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param front.readinessProbe.enabled Enable readinessProbe + ## @param front.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param front.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param front.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param front.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param front.readinessProbe.successThreshold Success threshold for readinessProbe + readinessProbe: + enabled: true + failureThreshold: 1 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + + ## Startup probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param front.startupProbe.enabled Enable startupProbe + ## @param front.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param front.startupProbe.periodSeconds Period seconds for startupProbe + ## @param front.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param front.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param front.startupProbe.successThreshold Success threshold for startupProbe + startupProbe: + enabled: false + failureThreshold: 30 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + + ## @param front.podLabels Add extra labels to pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + podLabels: {} + + ## @param front.podAnnotations Add extra annotations to the pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + podAnnotations: {} + + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## @param front.nodeSelector Node labels selector for pod assignment + nodeSelector: {} + + ## @param front.initContainers Add additional init containers to the pod + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + initContainers: [] + + ## @param front.priorityClassName Pods' priorityClassName + priorityClassName: "" + + ## @param front.podSecurityContext.enabled Enabled pods' Security Context + ## @param front.podSecurityContext.fsGroup Set pods' Security Context fsGroup + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + podSecurityContext: + enabled: false + fsGroup: 1001 + + ## @param front.containerSecurityContext.enabled Enabled containers' Security Context + ## @param front.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param front.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: false + + ## @param front.terminationGracePeriodSeconds In seconds, time given to the pod to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + terminationGracePeriodSeconds: 2 + + ## @param front.affinity Affinity for front pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + + ## @param front.tolerations Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + ## @param front.revisionHistoryLimit Configure the revisionHistoryLimit of the deployment + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit + revisionHistoryLimit: 3 + + ## @param front.hostAliases Pod pod host aliases + ## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + hostAliases: [] + + ## @param front.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + schedulerName: "" + + # Service parameters + service: + ## @param front.service.annotations Admin service annotations + annotations: {} + + ## @param front.topologySpreadConstraints Topology Spread Constraints for pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + topologySpreadConstraints: [] + + ## Strategy to use to update Pods + ## @param front.updateStrategy.type Strategy to use to update Pods + ## `Recreate` or `RollingUpdate` if `front.kind=Deployment` + ## `OnDelete` or `RollingUpdate` if `front.kind=DaemonSet` + updateStrategy: + type: RollingUpdate + + ## @param front.extraEnvVars Extra environment variable to pass to the running container + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + extraEnvVars: [] + + ## @param front.extraEnvVarsCM Name of existing ConfigMap containing extra environment variables to mount in the pod + extraEnvVarsCM: "" + + ## @param front.extraEnvVarsSecret Name of existing Secret containing extra environment variables to mount in the pod + extraEnvVarsSecret: "" + + ## @param front.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the pod + extraVolumeMounts: [] + + ## @param front.extraVolumes Optionally specify extra list of additional volumes for the pod(s) + extraVolumes: [] + + ## @param front.extraContainers Add additional containers to the pod + extraContainers: [] + +## @section Admin parameters +admin: + ## @param admin.enabled Enable access to the admin interface + enabled: true + + ## @param admin.uri URI to access the admin interface + uri: /admin + + ## @param admin.logLevel Override default log level + logLevel: "" + + ## Pod image + ## @param admin.image.repository Pod image repository + ## @param admin.image.tag Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) + ## @param admin.image.pullPolicy Pod image pull policy + image: + repository: mailu/admin + tag: "" + pullPolicy: IfNotPresent + + ## Pod persistence (if not using single_pvc) + ## @param admin.persistence.size Pod pvc size + ## @param admin.persistence.storageClass Pod pvc storage class + ## @param admin.persistence.accessModes Pod pvc access modes + ## @param admin.persistence.claimNameOverride Pod pvc name override + ## @param admin.persistence.annotations Pod pvc annotations + persistence: + size: 20Gi + storageClass: "" + accessModes: [ReadWriteOnce] + claimNameOverride: "" + annotations: {} + + ## Pod resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param admin.resources.limits The resources limits for the container + ## @param admin.resources.requests The requested resources for the container + ## + resources: + ## Example: + ## limits: + ## cpu: 500m + ## memory: 500Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 25m + ## memory: 25Mi + requests: {} + + ## Liveness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param admin.livenessProbe.enabled Enable livenessProbe + ## @param admin.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param admin.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param admin.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param admin.livenessProbe.successThreshold Success threshold for livenessProbe + ## @param admin.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Readiness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param admin.readinessProbe.enabled Enable readinessProbe + ## @param admin.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param admin.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param admin.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param admin.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param admin.readinessProbe.successThreshold Success threshold for readinessProbe + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Startup probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param admin.startupProbe.enabled Enable startupProbe + ## @param admin.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param admin.startupProbe.periodSeconds Period seconds for startupProbe + ## @param admin.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param admin.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param admin.startupProbe.successThreshold Success threshold for startupProbe + startupProbe: + enabled: false + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## @param admin.podLabels Add extra labels to pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + podLabels: {} + + ## @param admin.podAnnotations Add extra annotations to the pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + podAnnotations: {} + + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## @param admin.nodeSelector Node labels selector for pod assignment + nodeSelector: {} + + ## @param admin.initContainers Add additional init containers to the pod + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + initContainers: [] + + ## @param admin.priorityClassName Pods' priorityClassName + priorityClassName: "" + + ## @param admin.podSecurityContext.enabled Enabled pods' Security Context + ## @param admin.podSecurityContext.fsGroup Set pods' Security Context fsGroup + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + podSecurityContext: + enabled: false + fsGroup: 1001 + + ## @param admin.containerSecurityContext.enabled Enabled containers' Security Context + ## @param admin.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param admin.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: false + + ## @param admin.terminationGracePeriodSeconds In seconds, time given to the pod to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + terminationGracePeriodSeconds: 2 + + ## @param admin.affinity Affinity for admin pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + + ## @param admin.tolerations Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + ## @param admin.revisionHistoryLimit Configure the revisionHistoryLimit of the deployment + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit + revisionHistoryLimit: 3 + + ## @param admin.hostAliases Pod pod host aliases + ## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + hostAliases: [] + + ## @param admin.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + schedulerName: "" + + # Service parameters + service: + ## @param admin.service.annotations Admin service annotations + annotations: {} + + ## @param admin.topologySpreadConstraints Topology Spread Constraints for pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + topologySpreadConstraints: [] + + ## Strategy to use to update Pods + ## @param admin.updateStrategy.type Can be set to RollingUpdate or OnDelete + updateStrategy: + type: RollingUpdate + + ## @param admin.extraEnvVars Extra environment variable to pass to the running container + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + extraEnvVars: [] + + ## @param admin.extraEnvVarsCM Name of existing ConfigMap containing extra environment variables to mount in the pod + extraEnvVarsCM: "" + + ## @param admin.extraEnvVarsSecret Name of existing Secret containing extra environment variables to mount in the pod + extraEnvVarsSecret: "" + + ## @param admin.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the pod + extraVolumeMounts: [] + + ## @param admin.extraVolumes Optionally specify extra list of additional volumes for the pod(s) + extraVolumes: [] + + ## @param admin.extraContainers Add additional containers to the pod + extraContainers: [] + +## @section Redis parameters +## Redis chart configuration +## for more options see https://github.com/bitnami/charts/tree/master/bitnami/redis +redis: + ## @param redis.enabled Enable redis deployment through the redis subchart + enabled: true + + ## @param redis.architecture Redis architecture. Allowed values: `standalone` or `replication` + architecture: standalone + + ## @param redis.auth.enabled DON'T CHANGE THIS VALUE. Mailu doesn't support Redis authentication + auth: + enabled: false + + master: + ## @param redis.master.enabled DON'T CHANGE THIS VALUE. Enable redis master + enabled: true + + ## @param redis.master.count Number of redis master replicas + count: 1 + + ## @param redis.master.persistence.enabled Enable persistence using Persistent Volume Claims + ## @param redis.master.persistence.size Pod pvc size + ## @param redis.master.persistence.storageClass Pod pvc storage class + ## @param redis.master.persistence.accessModes Pod pvc access modes + ## @param redis.master.persistence.annotations Pod pvc annotations + ## @param redis.master.persistence.existingClaim Pod pvc existing claim; necessary if using single_pvc + ## @param redis.master.persistence.subPath Subpath in PVC; necessary if using single_pvc (set it to `redis`) + persistence: + enabled: true + size: 8Gi + storageClass: "" + accessModes: [ReadWriteOnce] + existingClaim: "" + subPath: "" + annotations: {} + + ## @param redis.replica.count Number of redis replicas (only if `redis.architecture=replication`) + ## Don't forget to configure replicas persistence if changing this value + replica: + count: 0 + +## @section Postfix parameters +postfix: + ## @param postfix.logLevel Override default log level + logLevel: "" + + ## Pod image + ## @param postfix.image.repository Pod image repository + ## @param postfix.image.tag Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) + ## @param postfix.image.pullPolicy Pod image pull policy + image: + repository: mailu/postfix + tag: "" + pullPolicy: IfNotPresent + + ## Pod persistence (if not using single_pvc) + ## @param postfix.persistence.size Pod pvc size + ## @param postfix.persistence.storageClass Pod pvc storage class + ## @param postfix.persistence.accessModes Pod pvc access modes + ## @param postfix.persistence.claimNameOverride Pod pvc name override + ## @param postfix.persistence.annotations Pod pvc annotations + persistence: + size: 20Gi + storageClass: "" + accessModes: [ReadWriteOnce] + claimNameOverride: "" + annotations: {} + + ## Pod resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param postfix.resources.limits The resources limits for the container + ## @param postfix.resources.requests The requested resources for the container + ## + resources: + ## Example: + ## limits: + ## cpu: 500m + ## memory: 2Gi + limits: {} + ## Examples: + ## requests: + ## cpu: 500m + ## memory: 2Gi + requests: {} + + ## Liveness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param postfix.livenessProbe.enabled Enable livenessProbe + ## @param postfix.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param postfix.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param postfix.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param postfix.livenessProbe.successThreshold Success threshold for livenessProbe + ## @param postfix.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Readiness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param postfix.readinessProbe.enabled Enable readinessProbe + ## @param postfix.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param postfix.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param postfix.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param postfix.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param postfix.readinessProbe.successThreshold Success threshold for readinessProbe + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Startup probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param postfix.startupProbe.enabled Enable startupProbe + ## @param postfix.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param postfix.startupProbe.periodSeconds Period seconds for startupProbe + ## @param postfix.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param postfix.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param postfix.startupProbe.successThreshold Success threshold for startupProbe + startupProbe: + enabled: true + failureThreshold: 30 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## @param postfix.podLabels Add extra labels to pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + podLabels: {} + + ## @param postfix.podAnnotations Add extra annotations to the pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + podAnnotations: {} + + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## @param postfix.nodeSelector Node labels selector for pod assignment + nodeSelector: {} + + ## @param postfix.initContainers Add additional init containers to the pod + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + initContainers: [] + + ## @param postfix.priorityClassName Pods' priorityClassName + priorityClassName: "" + + ## @param postfix.podSecurityContext.enabled Enabled pods' Security Context + ## @param postfix.podSecurityContext.fsGroup Set pods' Security Context fsGroup + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + podSecurityContext: + enabled: false + fsGroup: 1001 + + ## @param postfix.containerSecurityContext.enabled Enabled containers' Security Context + ## @param postfix.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param postfix.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: false + + ## @param postfix.terminationGracePeriodSeconds In seconds, time given to the pod to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + terminationGracePeriodSeconds: 2 + + ## @param postfix.affinity Affinity for postfix pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + + ## @param postfix.tolerations Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + ## @param postfix.revisionHistoryLimit Configure the revisionHistoryLimit of the deployment + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit + revisionHistoryLimit: 3 + + ## @param postfix.hostAliases Pod pod host aliases + ## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + hostAliases: [] + + ## @param postfix.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + schedulerName: "" + + # Service parameters + service: + ## @param postfix.service.annotations Admin service annotations + annotations: {} + + ## @param postfix.topologySpreadConstraints Topology Spread Constraints for pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + topologySpreadConstraints: [] + + ## Strategy to use to update Pods + ## @param postfix.updateStrategy.type Can be set to RollingUpdate or OnDelete + updateStrategy: + type: RollingUpdate + + ## @param postfix.extraEnvVars Extra environment variable to pass to the running container + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + extraEnvVars: [] + + ## @param postfix.extraEnvVarsCM Name of existing ConfigMap containing extra environment variables to mount in the pod + extraEnvVarsCM: "" + + ## @param postfix.extraEnvVarsSecret Name of existing Secret containing extra environment variables to mount in the pod + extraEnvVarsSecret: "" + + ## @param postfix.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the pod + extraVolumeMounts: [] + + ## @param postfix.extraVolumes Optionally specify extra list of additional volumes for the pod(s) + extraVolumes: [] + + ## @param postfix.extraContainers Add additional containers to the pod + extraContainers: [] + + ## @param postfix.overrides Enable postfix overrides + ## More info here: https://mailu.io/master/faq.html#how-can-i-override-settings + ## Example: + ## overrides: + ## postfix.cf: | + ## my_variable = my_value + overrides: {} + +## @section Dovecot parameters +dovecot: + ## @param dovecot.enabled Enable dovecot + enabled: true + + ## @param dovecot.logLevel Override default log level + logLevel: "" + + ## Pod image + ## @param dovecot.image.repository Pod image repository + ## @param dovecot.image.tag Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) + ## @param dovecot.image.pullPolicy Pod image pull policy + image: + repository: mailu/dovecot + tag: "" + pullPolicy: IfNotPresent + + ## Pod persistence (if not using single_pvc) + ## @param dovecot.persistence.size Pod pvc size + ## @param dovecot.persistence.storageClass Pod pvc storage class + ## @param dovecot.persistence.accessModes Pod pvc access modes + ## @param dovecot.persistence.claimNameOverride Pod pvc name override + ## @param dovecot.persistence.annotations Pod pvc annotations + persistence: + size: 20Gi + storageClass: "" + accessModes: [ReadWriteOnce] + claimNameOverride: "" + annotations: {} + + ## Pod resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param dovecot.resources.limits The resources limits for the container + ## @param dovecot.resources.requests The requested resources for the container + ## + resources: + ## Example: + ## limits: + ## cpu: 500m + ## memory: 500Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 25m + ## memory: 25Mi + requests: {} + + ## Liveness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param dovecot.livenessProbe.enabled Enable livenessProbe + ## @param dovecot.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param dovecot.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param dovecot.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param dovecot.livenessProbe.successThreshold Success threshold for livenessProbe + ## @param dovecot.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + + ## Readiness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param dovecot.readinessProbe.enabled Enable readinessProbe + ## @param dovecot.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param dovecot.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param dovecot.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param dovecot.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param dovecot.readinessProbe.successThreshold Success threshold for readinessProbe + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + + ## Startup probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param dovecot.startupProbe.enabled Enable startupProbe + ## @param dovecot.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param dovecot.startupProbe.periodSeconds Period seconds for startupProbe + ## @param dovecot.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param dovecot.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param dovecot.startupProbe.successThreshold Success threshold for startupProbe + startupProbe: + enabled: false + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + + ## @param dovecot.podLabels Add extra labels to pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + podLabels: {} + + ## @param dovecot.podAnnotations Add extra annotations to the pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + podAnnotations: {} + + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## @param dovecot.nodeSelector Node labels selector for pod assignment + nodeSelector: {} + + ## @param dovecot.initContainers Add additional init containers to the pod + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + initContainers: [] + + ## @param dovecot.priorityClassName Pods' priorityClassName + priorityClassName: "" + + ## @param dovecot.podSecurityContext.enabled Enabled pods' Security Context + ## @param dovecot.podSecurityContext.fsGroup Set pods' Security Context fsGroup + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + podSecurityContext: + enabled: false + fsGroup: 1001 + + ## @param dovecot.containerSecurityContext.enabled Enabled containers' Security Context + ## @param dovecot.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param dovecot.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: false + + ## @param dovecot.terminationGracePeriodSeconds In seconds, time given to the pod to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + terminationGracePeriodSeconds: 2 + + ## @param dovecot.affinity Affinity for dovecot pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + + ## @param dovecot.tolerations Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + ## @param dovecot.revisionHistoryLimit Configure the revisionHistoryLimit of the deployment + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit + revisionHistoryLimit: 3 + + ## @param dovecot.hostAliases Pod pod host aliases + ## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + hostAliases: [] + + ## @param dovecot.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + schedulerName: "" + + # Service parameters + service: + ## @param dovecot.service.annotations Admin service annotations + annotations: {} + + ## @param dovecot.topologySpreadConstraints Topology Spread Constraints for pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + topologySpreadConstraints: [] + + ## Strategy to use to update Pods + ## @param dovecot.updateStrategy.type Can be set to RollingUpdate or OnDelete + updateStrategy: + type: RollingUpdate + + ## @param dovecot.extraEnvVars Extra environment variable to pass to the running container + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + extraEnvVars: [] + + ## @param dovecot.extraEnvVarsCM Name of existing ConfigMap containing extra environment variables to mount in the pod + extraEnvVarsCM: "" + + ## @param dovecot.extraEnvVarsSecret Name of existing Secret containing extra environment variables to mount in the pod + extraEnvVarsSecret: "" + + ## @param dovecot.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the pod + extraVolumeMounts: [] + + ## @param dovecot.extraVolumes Optionally specify extra list of additional volumes for the pod(s) + extraVolumes: [] + + ## @param dovecot.extraContainers Add additional containers to the pod + extraContainers: [] + + ## @param dovecot.overrides Enable dovecot overrides + ## Example: + ## overrides: + ## dovecot.conf: | + ## # More info here: https://mailu.io/1.8/kubernetes/mailu/index.html#dovecot + ## mail_nfs_index = yes + ## mail_nfs_storage = yes + ## mail_fsync = always + ## mmap_disable = yes + ## mail_max_userip_connections=100 + overrides: {} + + ## @param dovecot.compression Maildir compression algorithm (gz, bz2, lz4, zstd) + compression: "" + + ## @param dovecot.compressionLevel Maildir compression level (1-9) + compressionLevel: 6 + +## @section rspamd parameters +rspamd: + ## @param rspamd.enabled Enable rspamd + enabled: true + ## @param rspamd.overrides Enable rspamd overrides + ## More info here: https://mailu.io/master/faq.html#how-can-i-override-settings + ## Example: + ## overrides: + ## fileA.conf: | + ## obj { + ## key = value; + ## } + overrides: {} + + ## @param rspamd.antivirusAction Action to take when an virus is detected. Possible values: `reject` or `discard` + antivirusAction: "discard" + + ## @param rspamd.logLevel Override default log level + logLevel: "" + + ## Pod image + ## @param rspamd.image.repository Pod image repository + ## @param rspamd.image.tag Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) + ## @param rspamd.image.pullPolicy Pod image pull policy + image: + repository: mailu/rspamd + tag: "" + pullPolicy: IfNotPresent + + ## Pod persistence (if not using single_pvc) + ## @param rspamd.persistence.size Pod pvc size + ## @param rspamd.persistence.storageClass Pod pvc storage class + ## @param rspamd.persistence.accessModes Pod pvc access modes + ## @param rspamd.persistence.claimNameOverride Pod pvc name override + ## @param rspamd.persistence.annotations Pod pvc annotations + persistence: + size: 1Gi + storageClass: "" + accessModes: [ReadWriteOnce] + claimNameOverride: "" + annotations: {} + + ## Pod resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param rspamd.resources.limits The resources limits for the container + ## @param rspamd.resources.requests The requested resources for the container + ## + resources: + ## Example: + ## limits: + ## cpu: 200m + ## memory: 200Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 100Mi + requests: {} + + ## Liveness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param rspamd.livenessProbe.enabled Enable livenessProbe + ## @param rspamd.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param rspamd.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param rspamd.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param rspamd.livenessProbe.successThreshold Success threshold for livenessProbe + ## @param rspamd.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Readiness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param rspamd.readinessProbe.enabled Enable readinessProbe + ## @param rspamd.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param rspamd.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param rspamd.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param rspamd.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param rspamd.readinessProbe.successThreshold Success threshold for readinessProbe + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Startup probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## give it 15 minutes for initial rule compilation + ## @param rspamd.startupProbe.enabled Enable startupProbe + ## @param rspamd.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param rspamd.startupProbe.periodSeconds Period seconds for startupProbe + ## @param rspamd.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param rspamd.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param rspamd.startupProbe.successThreshold Success threshold for startupProbe + startupProbe: + enabled: true + failureThreshold: 90 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + + ## @param rspamd.podLabels Add extra labels to pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + podLabels: {} + + ## @param rspamd.podAnnotations Add extra annotations to the pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + podAnnotations: {} + + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## @param rspamd.nodeSelector Node labels selector for pod assignment + nodeSelector: {} + + ## @param rspamd.initContainers Add additional init containers to the pod + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + initContainers: [] + + ## @param rspamd.priorityClassName Pods' priorityClassName + priorityClassName: "" + + ## @param rspamd.podSecurityContext.enabled Enabled pods' Security Context + ## @param rspamd.podSecurityContext.fsGroup Set pods' Security Context fsGroup + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + podSecurityContext: + enabled: false + fsGroup: 1001 + + ## @param rspamd.containerSecurityContext.enabled Enabled containers' Security Context + ## @param rspamd.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param rspamd.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: false + + ## @param rspamd.terminationGracePeriodSeconds In seconds, time given to the pod to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + terminationGracePeriodSeconds: 2 + + ## @param rspamd.affinity Affinity for rspamd pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + + ## @param rspamd.tolerations Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + ## @param rspamd.revisionHistoryLimit Configure the revisionHistoryLimit of the deployment + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit + revisionHistoryLimit: 3 + + ## @param rspamd.hostAliases Pod pod host aliases + ## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + hostAliases: [] + + ## @param rspamd.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + schedulerName: "" + + # Service parameters + service: + ## @param rspamd.service.annotations Admin service annotations + annotations: {} + + ## @param rspamd.topologySpreadConstraints Topology Spread Constraints for pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + topologySpreadConstraints: [] + + ## Strategy to use to update Pods + ## @param rspamd.updateStrategy.type Can be set to RollingUpdate or OnDelete + updateStrategy: + type: RollingUpdate + + ## @param rspamd.extraEnvVars Extra environment variable to pass to the running container + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + extraEnvVars: [] + + ## @param rspamd.extraEnvVarsCM Name of existing ConfigMap containing extra environment variables to mount in the pod + extraEnvVarsCM: "" + + ## @param rspamd.extraEnvVarsSecret Name of existing Secret containing extra environment variables to mount in the pod + extraEnvVarsSecret: "" + + ## @param rspamd.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the pod + extraVolumeMounts: [] + + ## @param rspamd.extraVolumes Optionally specify extra list of additional volumes for the pod(s) + extraVolumes: [] + + ## @param rspamd.extraContainers Add additional containers to the pod + extraContainers: [] + +## @section clamav parameters +clamav: + ## @param clamav.enabled Enable ClamAV + enabled: true + + ## @param clamav.logLevel Override default log level + logLevel: "" + + ## Pod image + ## @param clamav.image.repository Pod image repository + ## @param clamav.image.tag Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) + ## @param clamav.image.pullPolicy Pod image pull policy + ## @param clamav.image.registry Pod image registry (specific for clamav as it is not part of the mailu organization) + image: + repository: clamav/clamav-debian + tag: 1.2.0-6 + pullPolicy: IfNotPresent + registry: docker.io + + ## Pod persistence (if not using single_pvc) + persistence: + ## @param clamav.persistence.enabled Enable persistence using PVC + enabled: true + + ## @param clamav.persistence.size Pod pvc size + size: 2Gi + + ## @param clamav.persistence.storageClass Pod pvc storage class + storageClass: "" + + ## @param clamav.persistence.accessModes Pod pvc access modes + accessModes: [ReadWriteOnce] + + ## @param clamav.persistence.annotations Pod pvc annotations + annotations: {} + + ## @param clamav.persistence.labels Pod pvc labels + labels: {} + + ## @param clamav.persistence.selector Additional labels to match for the PVC + ## e.g: + ## selector: + ## matchLabels: + ## app: my-app + selector: {} + + ## @param clamav.persistence.dataSource Custom PVC data source + dataSource: {} + + ## @param clamav.persistence.existingClaim Use a existing PVC which must be created manually before bound + ## NOTE: requires clamav.persistence.enabled: true + existingClaim: "" + + ## Pod resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param clamav.resources.limits The resources limits for the container + ## @param clamav.resources.requests The requested resources for the container + ## + resources: + ## Example: + ## limits: + ## cpu: 1 + ## memory: 2Gi + limits: {} + ## Examples: + ## requests: + ## cpu: 1 + ## memory: 1Gi + requests: {} + + ## Liveness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param clamav.livenessProbe.enabled Enable livenessProbe + ## @param clamav.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param clamav.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param clamav.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param clamav.livenessProbe.successThreshold Success threshold for livenessProbe + ## @param clamav.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Readiness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param clamav.readinessProbe.enabled Enable readinessProbe + ## @param clamav.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param clamav.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param clamav.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param clamav.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param clamav.readinessProbe.successThreshold Success threshold for readinessProbe + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Startup probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## give it 15 minutes for initial rule compilation + ## @param clamav.startupProbe.enabled Enable startupProbe + ## @param clamav.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param clamav.startupProbe.periodSeconds Period seconds for startupProbe + ## @param clamav.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param clamav.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param clamav.startupProbe.successThreshold Success threshold for startupProbe + startupProbe: + enabled: false + failureThreshold: 60 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + + ## @param clamav.podLabels Add extra labels to pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + podLabels: {} + + ## @param clamav.podAnnotations Add extra annotations to the pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + podAnnotations: {} + + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## @param clamav.nodeSelector Node labels selector for pod assignment + nodeSelector: {} + + ## @param clamav.initContainers Add additional init containers to the pod + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + initContainers: [] + + ## @param clamav.priorityClassName Pods' priorityClassName + priorityClassName: "" + + ## @param clamav.podSecurityContext.enabled Enabled pods' Security Context + ## @param clamav.podSecurityContext.fsGroup Set pods' Security Context fsGroup + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + podSecurityContext: + enabled: false + fsGroup: 1001 + + ## @param clamav.containerSecurityContext.enabled Enabled containers' Security Context + ## @param clamav.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param clamav.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: false + + ## @param clamav.terminationGracePeriodSeconds In seconds, time given to the pod to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + terminationGracePeriodSeconds: 2 + + ## @param clamav.affinity Affinity for clamav pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## clamav must share a volume with rspamd. This is usually enforced by the volume itself (RWO). If you use RWM volumes and want to + ## have clamav running on the same node, add the following affinity rule: + ## affinity: + ## podAffinity: + ## requiredDuringSchedulingIgnoredDuringExecution: + ## - labelSelector: + ## matchExpressions: + ## - key: app.kubernetes.io/component + ## operator: In + ## values: + ## - rspamd + ## topologyKey: kubernetes.io/hostname + affinity: {} + + ## @param clamav.tolerations Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + ## @param clamav.hostAliases Pod pod host aliases + ## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + hostAliases: [] + + ## @param clamav.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + schedulerName: "" + + # Service parameters + service: + ## @param clamav.service.annotations Admin service annotations + annotations: {} + + ## @param clamav.topologySpreadConstraints Topology Spread Constraints for pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + topologySpreadConstraints: [] + + ## Strategy to use to update Pods + ## @param clamav.updateStrategy.type Can be set to RollingUpdate or OnDelete + updateStrategy: + type: RollingUpdate + + ## @param clamav.extraEnvVars Extra environment variable to pass to the running container + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + extraEnvVars: [] + + ## @param clamav.extraEnvVarsCM Name of existing ConfigMap containing extra environment variables to mount in the pod + extraEnvVarsCM: "" + + ## @param clamav.extraEnvVarsSecret Name of existing Secret containing extra environment variables to mount in the pod + extraEnvVarsSecret: "" + + ## @param clamav.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the pod + extraVolumeMounts: [] + + ## @param clamav.extraVolumes Optionally specify extra list of additional volumes for the pod(s) + extraVolumes: [] + + ## @param clamav.extraContainers Add additional containers to the pod + extraContainers: [] + +## @section webmail parameters +webmail: + ## @param webmail.enabled Enable deployment of webmail + enabled: true + + ## @param webmail.uri URI to access webmail + uri: /webmail + + ## @param webmail.type Type of webmail to deploy (`roundcube` or `snappymail`) + type: roundcube + + ## @param webmail.roundcubePlugins List of Roundcube plugins to enable + roundcubePlugins: + - archive + - zipdownload + - markasjunk + - managesieve + - enigma + - carddav + - mailu + + ## @param webmail.logLevel Override default log level + logLevel: "" + + ## Pod image + ## @param webmail.image.repository Pod image repository + ## @param webmail.image.tag Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) + ## @param webmail.image.pullPolicy Pod image pull policy + image: + repository: mailu/webmail + tag: "" + pullPolicy: IfNotPresent + + ## Pod persistence (if not using single_pvc) + ## @param webmail.persistence.size Pod pvc size + ## @param webmail.persistence.storageClass Pod pvc storage class + ## @param webmail.persistence.accessModes Pod pvc access modes + ## @param webmail.persistence.claimNameOverride Pod pvc name override + ## @param webmail.persistence.annotations Pod pvc annotations + persistence: + size: 20Gi + storageClass: "" + accessModes: [ReadWriteOnce] + claimNameOverride: "" + annotations: {} + + ## Pod resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param webmail.resources.limits The resources limits for the container + ## @param webmail.resources.requests The requested resources for the container + ## + resources: + ## Example: + ## limits: + ## cpu: 200m + ## memory: 200Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 100Mi + requests: {} + + ## Liveness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param webmail.livenessProbe.enabled Enable livenessProbe + ## @param webmail.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param webmail.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param webmail.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param webmail.livenessProbe.successThreshold Success threshold for livenessProbe + ## @param webmail.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Readiness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param webmail.readinessProbe.enabled Enable readinessProbe + ## @param webmail.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param webmail.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param webmail.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param webmail.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param webmail.readinessProbe.successThreshold Success threshold for readinessProbe + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Startup probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param webmail.startupProbe.enabled Enable startupProbe + ## @param webmail.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param webmail.startupProbe.periodSeconds Period seconds for startupProbe + ## @param webmail.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param webmail.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param webmail.startupProbe.successThreshold Success threshold for startupProbe + startupProbe: + enabled: false + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## @param webmail.podLabels Add extra labels to pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + podLabels: {} + + ## @param webmail.podAnnotations Add extra annotations to the pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + podAnnotations: {} + + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## @param webmail.nodeSelector Node labels selector for pod assignment + nodeSelector: {} + + ## @param webmail.initContainers Add additional init containers to the pod + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + initContainers: [] + + ## @param webmail.priorityClassName Pods' priorityClassName + priorityClassName: "" + + ## @param webmail.podSecurityContext.enabled Enabled pods' Security Context + ## @param webmail.podSecurityContext.fsGroup Set pods' Security Context fsGroup + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + podSecurityContext: + enabled: false + fsGroup: 1001 + + ## @param webmail.containerSecurityContext.enabled Enabled containers' Security Context + ## @param webmail.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param webmail.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: false + + ## @param webmail.terminationGracePeriodSeconds In seconds, time given to the pod to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + terminationGracePeriodSeconds: 2 + + ## @param webmail.affinity Affinity for webmail pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + + ## @param webmail.tolerations Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + ## @param webmail.revisionHistoryLimit Configure the revisionHistoryLimit of the deployment + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit + revisionHistoryLimit: 3 + + ## @param webmail.hostAliases Pod pod host aliases + ## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + hostAliases: [] + + ## @param webmail.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + schedulerName: "" + + # Service parameters + service: + ## @param webmail.service.annotations Admin service annotations + annotations: {} + + ## @param webmail.topologySpreadConstraints Topology Spread Constraints for pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + topologySpreadConstraints: [] + + ## Strategy to use to update Pods + ## @param webmail.updateStrategy.type Can be set to RollingUpdate or OnDelete + updateStrategy: + type: RollingUpdate + + ## @param webmail.extraEnvVars Extra environment variable to pass to the running container + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + extraEnvVars: [] + + ## @param webmail.extraEnvVarsCM Name of existing ConfigMap containing extra environment variables to mount in the pod + extraEnvVarsCM: "" + + ## @param webmail.extraEnvVarsSecret Name of existing Secret containing extra environment variables to mount in the pod + extraEnvVarsSecret: "" + + ## @param webmail.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the pod + extraVolumeMounts: [] + + ## @param webmail.extraVolumes Optionally specify extra list of additional volumes for the pod(s) + extraVolumes: [] + + ## @param webmail.extraContainers Add additional containers to the pod + extraContainers: [] + +## @section webdav parameters +webdav: + ## @param webdav.enabled Enable deployment of WebDAV server (using Radicale) + enabled: false + + ## @param webdav.logLevel Override default log level + logLevel: "" + + ## Pod image + ## @param webdav.image.repository Pod image repository + ## @param webdav.image.tag Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) + ## @param webdav.image.pullPolicy Pod image pull policy + image: + repository: mailu/radicale + tag: "" + pullPolicy: IfNotPresent + + ## Pod persistence (if not using single_pvc) + ## @param webdav.persistence.size Pod pvc size + ## @param webdav.persistence.storageClass Pod pvc storage class + ## @param webdav.persistence.accessModes Pod pvc access modes + ## @param webdav.persistence.claimNameOverride Pod pvc name override + ## @param webdav.persistence.annotations Pod pvc annotations + persistence: + size: 20Gi + storageClass: "" + accessModes: [ReadWriteOnce] + claimNameOverride: "" + annotations: {} + + ## Pod resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param webdav.resources.limits The resources limits for the container + ## @param webdav.resources.requests The requested resources for the container + ## + resources: + ## Example: + ## limits: + ## cpu: 500m + ## memory: 500Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 25m + ## memory: 25Mi + requests: {} + + ## Liveness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param webdav.livenessProbe.enabled Enable livenessProbe + ## @param webdav.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param webdav.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param webdav.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param webdav.livenessProbe.successThreshold Success threshold for livenessProbe + ## @param webdav.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Readiness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param webdav.readinessProbe.enabled Enable readinessProbe + ## @param webdav.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param webdav.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param webdav.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param webdav.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param webdav.readinessProbe.successThreshold Success threshold for readinessProbe + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Startup probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param webdav.startupProbe.enabled Enable startupProbe + ## @param webdav.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param webdav.startupProbe.periodSeconds Period seconds for startupProbe + ## @param webdav.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param webdav.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param webdav.startupProbe.successThreshold Success threshold for startupProbe + startupProbe: + enabled: false + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## @param webdav.podLabels Add extra labels to pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + podLabels: {} + + ## @param webdav.podAnnotations Add extra annotations to the pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + podAnnotations: {} + + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## @param webdav.nodeSelector Node labels selector for pod assignment + nodeSelector: {} + + ## @param webdav.initContainers Add additional init containers to the pod + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + initContainers: [] + + ## @param webdav.priorityClassName Pods' priorityClassName + priorityClassName: "" + + ## @param webdav.podSecurityContext.enabled Enabled pods' Security Context + ## @param webdav.podSecurityContext.fsGroup Set pods' Security Context fsGroup + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + podSecurityContext: + enabled: false + fsGroup: 1001 + + ## @param webdav.containerSecurityContext.enabled Enabled containers' Security Context + ## @param webdav.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param webdav.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: false + + ## @param webdav.terminationGracePeriodSeconds In seconds, time given to the pod to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + terminationGracePeriodSeconds: 2 + + ## @param webdav.affinity Affinity for webdav pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + + ## @param webdav.tolerations Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + ## @param webdav.revisionHistoryLimit Configure the revisionHistoryLimit of the deployment + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit + revisionHistoryLimit: 3 + + ## @param webdav.hostAliases Pod pod host aliases + ## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + hostAliases: [] + + ## @param webdav.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + schedulerName: "" + + # Service parameters + service: + ## @param webdav.service.annotations Admin service annotations + annotations: {} + + ## @param webdav.topologySpreadConstraints Topology Spread Constraints for pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + topologySpreadConstraints: [] + + ## Strategy to use to update Pods + ## @param webdav.updateStrategy.type Can be set to RollingUpdate or OnDelete + updateStrategy: + type: RollingUpdate + + ## @param webdav.extraEnvVars Extra environment variable to pass to the running container + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + extraEnvVars: [] + + ## @param webdav.extraEnvVarsCM Name of existing ConfigMap containing extra environment variables to mount in the pod + extraEnvVarsCM: "" + + ## @param webdav.extraEnvVarsSecret Name of existing Secret containing extra environment variables to mount in the pod + extraEnvVarsSecret: "" + + ## @param webdav.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the pod + extraVolumeMounts: [] + + ## @param webdav.extraVolumes Optionally specify extra list of additional volumes for the pod(s) + extraVolumes: [] + + ## @param webdav.extraContainers Add additional containers to the pod + extraContainers: [] + +## @section fetchmail parameters +fetchmail: + ## @param fetchmail.enabled Enable deployment of fetchmail + enabled: false + + ## @param fetchmail.delay Delay between fetchmail runs + delay: 600 + + ## @param fetchmail.logLevel Override default log level + logLevel: "" + + ## Pod image + ## @param fetchmail.image.repository Pod image repository + ## @param fetchmail.image.tag Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) + ## @param fetchmail.image.pullPolicy Pod image pull policy + image: + repository: mailu/fetchmail + tag: "" + pullPolicy: IfNotPresent + + ## Pod persistence (if not using single_pvc) + ## @param fetchmail.persistence.size Pod pvc size + ## @param fetchmail.persistence.storageClass Pod pvc storage class + ## @param fetchmail.persistence.accessModes Pod pvc access modes + ## @param fetchmail.persistence.claimNameOverride Pod pvc name override + ## @param fetchmail.persistence.annotations Pod pvc annotations + persistence: + size: 20Gi + storageClass: "" + accessModes: [ReadWriteOnce] + claimNameOverride: "" + annotations: {} + + ## Pod resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param fetchmail.resources.limits The resources limits for the container + ## @param fetchmail.resources.requests The requested resources for the container + ## + resources: + ## Example: + ## limits: + ## cpu: 200m + ## memory: 200Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 100Mi + requests: {} + + ## Liveness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param fetchmail.livenessProbe.enabled Enable livenessProbe + ## @param fetchmail.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param fetchmail.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param fetchmail.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param fetchmail.livenessProbe.successThreshold Success threshold for livenessProbe + ## @param fetchmail.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Readiness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param fetchmail.readinessProbe.enabled Enable readinessProbe + ## @param fetchmail.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param fetchmail.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param fetchmail.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param fetchmail.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param fetchmail.readinessProbe.successThreshold Success threshold for readinessProbe + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Startup probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param fetchmail.startupProbe.enabled Enable startupProbe + ## @param fetchmail.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param fetchmail.startupProbe.periodSeconds Period seconds for startupProbe + ## @param fetchmail.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param fetchmail.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param fetchmail.startupProbe.successThreshold Success threshold for startupProbe + startupProbe: + enabled: false + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## @param fetchmail.podLabels Add extra labels to pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + podLabels: {} + + ## @param fetchmail.podAnnotations Add extra annotations to the pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + podAnnotations: {} + + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## @param fetchmail.nodeSelector Node labels selector for pod assignment + nodeSelector: {} + + ## @param fetchmail.initContainers Add additional init containers to the pod + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + initContainers: [] + + ## @param fetchmail.priorityClassName Pods' priorityClassName + priorityClassName: "" + + ## @param fetchmail.podSecurityContext.enabled Enabled pods' Security Context + ## @param fetchmail.podSecurityContext.fsGroup Set pods' Security Context fsGroup + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + podSecurityContext: + enabled: false + fsGroup: 1001 + + ## @param fetchmail.containerSecurityContext.enabled Enabled containers' Security Context + ## @param fetchmail.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param fetchmail.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: false + + ## @param fetchmail.terminationGracePeriodSeconds In seconds, time given to the pod to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + terminationGracePeriodSeconds: 2 + + ## @param fetchmail.affinity Affinity for fetchmail pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + + ## @param fetchmail.tolerations Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + ## @param fetchmail.revisionHistoryLimit Configure the revisionHistoryLimit of the deployment + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit + revisionHistoryLimit: 3 + + ## @param fetchmail.hostAliases Pod pod host aliases + ## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + hostAliases: [] + + ## @param fetchmail.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + schedulerName: "" + + # Service parameters + service: + ## @param fetchmail.service.annotations Admin service annotations + annotations: {} + + ## @param fetchmail.topologySpreadConstraints Topology Spread Constraints for pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + topologySpreadConstraints: [] + + ## Strategy to use to update Pods + ## @param fetchmail.updateStrategy.type Can be set to RollingUpdate or OnDelete + updateStrategy: + type: RollingUpdate + + ## @param fetchmail.extraEnvVars Extra environment variable to pass to the running container + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + extraEnvVars: [] + + ## @param fetchmail.extraEnvVarsCM Name of existing ConfigMap containing extra environment variables to mount in the pod + extraEnvVarsCM: "" + + ## @param fetchmail.extraEnvVarsSecret Name of existing Secret containing extra environment variables to mount in the pod + extraEnvVarsSecret: "" + + ## @param fetchmail.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the pod + extraVolumeMounts: [] + + ## @param fetchmail.extraVolumes Optionally specify extra list of additional volumes for the pod(s) + extraVolumes: [] + + ## @param fetchmail.extraContainers Add additional containers to the pod + extraContainers: [] + +## @section OLETools parameters +oletools: + ## @param oletools.enabled Enable OLETools + enabled: true + + ## @param oletools.logLevel Override default log level + logLevel: "" + + ## Pod image + ## @param oletools.image.repository Pod image repository + ## @param oletools.image.tag Pod image tag (defaults to mailuVersion if set, otherwise Chart.AppVersion) + ## @param oletools.image.pullPolicy Pod image pull policy + image: + repository: mailu/oletools + tag: "" + pullPolicy: IfNotPresent + + ## Pod resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param oletools.resources.limits The resources limits for the container + ## @param oletools.resources.requests The requested resources for the container + ## + resources: + ## Example: + ## limits: + ## cpu: 500m + ## memory: 500Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 25m + ## memory: 25Mi + requests: {} + + ## Liveness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param oletools.livenessProbe.enabled Enable livenessProbe + ## @param oletools.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param oletools.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param oletools.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param oletools.livenessProbe.successThreshold Success threshold for livenessProbe + ## @param oletools.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + + ## Readiness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param oletools.readinessProbe.enabled Enable readinessProbe + ## @param oletools.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param oletools.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param oletools.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param oletools.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param oletools.readinessProbe.successThreshold Success threshold for readinessProbe + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + + ## Startup probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param oletools.startupProbe.enabled Enable startupProbe + ## @param oletools.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param oletools.startupProbe.periodSeconds Period seconds for startupProbe + ## @param oletools.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param oletools.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param oletools.startupProbe.successThreshold Success threshold for startupProbe + startupProbe: + enabled: false + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + + ## @param oletools.podLabels Add extra labels to pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + podLabels: {} + + ## @param oletools.podAnnotations Add extra annotations to the pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + podAnnotations: {} + + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## @param oletools.nodeSelector Node labels selector for pod assignment + nodeSelector: {} + + ## @param oletools.initContainers Add additional init containers to the pod + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + initContainers: [] + + ## @param oletools.priorityClassName Pods' priorityClassName + priorityClassName: "" + + ## @param oletools.podSecurityContext.enabled Enabled pods' Security Context + ## @param oletools.podSecurityContext.fsGroup Set pods' Security Context fsGroup + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + podSecurityContext: + enabled: false + fsGroup: 1001 + + ## @param oletools.containerSecurityContext.enabled Enabled containers' Security Context + ## @param oletools.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param oletools.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: false + + ## @param oletools.terminationGracePeriodSeconds In seconds, time given to the pod to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + terminationGracePeriodSeconds: 2 + + ## @param oletools.affinity Affinity for oletools pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + + ## @param oletools.tolerations Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + ## @param oletools.revisionHistoryLimit Configure the revisionHistoryLimit of the deployment + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit + revisionHistoryLimit: 3 + + ## @param oletools.hostAliases Pod pod host aliases + ## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + hostAliases: [] + + ## @param oletools.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + schedulerName: "" + + # Service parameters + service: + ## @param oletools.service.annotations oletools service annotations + annotations: {} + + ## @param oletools.topologySpreadConstraints Topology Spread Constraints for pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + topologySpreadConstraints: [] + + ## Strategy to use to update Pods + ## @param oletools.updateStrategy.type Can be set to RollingUpdate or OnDelete + updateStrategy: + type: RollingUpdate + + ## @param oletools.extraEnvVars Extra environment variable to pass to the running container + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + extraEnvVars: [] + + ## @param oletools.extraEnvVarsCM Name of existing ConfigMap containing extra environment variables to mount in the pod + extraEnvVarsCM: "" + + ## @param oletools.extraEnvVarsSecret Name of existing Secret containing extra environment variables to mount in the pod + extraEnvVarsSecret: "" + + ## @param oletools.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the pod + extraVolumeMounts: [] + + ## @param oletools.extraVolumes Optionally specify extra list of additional volumes for the pod(s) + extraVolumes: [] + + ## @param oletools.extraContainers Add additional containers to the pod + extraContainers: [] + +## @section Tika parameters +tika: + ## @param tika.enabled Enable tika + enabled: true + + ## @param tika.logLevel Override default log level + logLevel: "" + + ## @param tika.languages Array of languages to enable (sets the FULL_TEXT_SEARCH environment variable); "off" to disable + ## See https://doc.dovecot.org/settings/plugin/fts-plugin/#fts-languages for all available languages + languages: + - en + + ## Pod image + ## @param tika.image.repository Pod image repository + ## @param tika.image.tag Pod image tag + ## @param tika.image.pullPolicy Pod image pull policy + ## @param tika.image.registry Pod image registry (specific for tika as it is not part of the mailu organization) + image: + repository: apache/tika + tag: 2.9.2.1-full + pullPolicy: IfNotPresent + registry: docker.io + + ## Pod resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param tika.resources.limits The resources limits for the container + ## @param tika.resources.requests The requested resources for the container + ## + resources: + ## Example: + ## limits: + ## cpu: 500m + ## memory: 500Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 25m + ## memory: 25Mi + requests: {} + + ## Liveness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param tika.livenessProbe.enabled Enable livenessProbe + ## @param tika.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param tika.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param tika.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param tika.livenessProbe.successThreshold Success threshold for livenessProbe + ## @param tika.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + + ## Readiness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param tika.readinessProbe.enabled Enable readinessProbe + ## @param tika.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param tika.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param tika.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param tika.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param tika.readinessProbe.successThreshold Success threshold for readinessProbe + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + + ## Startup probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param tika.startupProbe.enabled Enable startupProbe + ## @param tika.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param tika.startupProbe.periodSeconds Period seconds for startupProbe + ## @param tika.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param tika.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param tika.startupProbe.successThreshold Success threshold for startupProbe + startupProbe: + enabled: false + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + + ## @param tika.podLabels Add extra labels to pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + podLabels: {} + + ## @param tika.podAnnotations Add extra annotations to the pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + podAnnotations: {} + + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## @param tika.nodeSelector Node labels selector for pod assignment + nodeSelector: {} + + ## @param tika.initContainers Add additional init containers to the pod + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + initContainers: [] + + ## @param tika.priorityClassName Pods' priorityClassName + priorityClassName: "" + + ## @param tika.podSecurityContext.enabled Enabled pods' Security Context + ## @param tika.podSecurityContext.fsGroup Set pods' Security Context fsGroup + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + podSecurityContext: + enabled: false + fsGroup: 1001 + + ## @param tika.containerSecurityContext.enabled Enabled containers' Security Context + ## @param tika.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param tika.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: false + + ## @param tika.terminationGracePeriodSeconds In seconds, time given to the pod to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + terminationGracePeriodSeconds: 2 + + ## @param tika.affinity Affinity for tika pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + + ## @param tika.tolerations Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + ## @param tika.revisionHistoryLimit Configure the revisionHistoryLimit of the deployment + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit + revisionHistoryLimit: 3 + + ## @param tika.hostAliases Pod pod host aliases + ## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + hostAliases: [] + + ## @param tika.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + schedulerName: "" + + # Service parameters + service: + ## @param tika.service.annotations tika service annotations + annotations: {} + + ## @param tika.topologySpreadConstraints Topology Spread Constraints for pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + topologySpreadConstraints: [] + + ## Strategy to use to update Pods + ## @param tika.updateStrategy.type Can be set to RollingUpdate or OnDelete + updateStrategy: + type: RollingUpdate + + ## @param tika.extraEnvVars Extra environment variable to pass to the running container + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + extraEnvVars: [] + + ## @param tika.extraEnvVarsCM Name of existing ConfigMap containing extra environment variables to mount in the pod + extraEnvVarsCM: "" + + ## @param tika.extraEnvVarsSecret Name of existing Secret containing extra environment variables to mount in the pod + extraEnvVarsSecret: "" + + ## @param tika.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the pod + extraVolumeMounts: [] + + ## @param tika.extraVolumes Optionally specify extra list of additional volumes for the pod(s) + extraVolumes: [] + + ## @param tika.extraContainers Add additional containers to the pod + extraContainers: [] diff --git a/manifests/values.yaml b/manifests/values.yaml new file mode 100644 index 0000000..cfde311 --- /dev/null +++ b/manifests/values.yaml @@ -0,0 +1,36 @@ +domain: dvirlabs.com +hostnames: + - mail.dvirlabs.com + +ingress: + enabled: true + className: traefik + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.tls: "true" + cert-manager.io/cluster-issuer: letsencrypt + tls: + certresolver: letsencrypt + +persistence: + enabled: true + storageClass: nfs-client + size: 10Gi + +admin: + username: admin + initialPassword: "changeme123" + +tls: + certmanager: + enabled: true + secretName: mailu-certificates # Optional but keeps name predictable + +service: + front: + type: ClusterIP + smtp: + type: ClusterIP + +dkim: + enabled: true