From 2ce34eebe6ca96916d0547f3906f0b46d18e0a3c Mon Sep 17 00:00:00 2001
From: Janne Mareike Koschinski <mail@justjanne.de>
Date: Fri, 28 Apr 2023 17:29:27 +0200
Subject: [PATCH] fix: remove mailu
---
.gitlab-ci.yml | 27 ++--
mailu/Chart.yaml | 6 -
mailu/pipeline.yml | 21 ---
mailu/templates/_helpers.tpl | 51 ------
mailu/templates/certificate.yaml | 12 --
mailu/templates/configmap-admin.yaml | 71 ---------
mailu/templates/configmap-autodiscover.yaml | 83 ----------
mailu/templates/configmap-front.yaml | 152 ------------------
mailu/templates/configmap-global.yaml | 67 --------
mailu/templates/configmap-smtp.yaml | 43 ------
mailu/templates/daemonset-front.yaml | 103 -------------
mailu/templates/deploy-admin.yaml | 90 -----------
mailu/templates/deploy-antispam.yaml | 84 ----------
mailu/templates/deploy-autodiscover.yaml | 76 ---------
mailu/templates/deploy-imap.yaml | 95 ------------
mailu/templates/deploy-smtp.yaml | 101 ------------
mailu/templates/deploy-webdav.yaml | 73 ---------
mailu/templates/deploy-webmail.yaml | 79 ----------
mailu/templates/ingress-admin.yaml | 41 -----
mailu/templates/ingress-antispam.yaml | 30 ----
mailu/templates/ingress-autodiscover.yaml | 75 ---------
mailu/templates/ingress-webdav.yaml | 30 ----
mailu/templates/ingress-webmail.yaml | 31 ----
mailu/templates/secret-global.yaml | 12 --
mailu/templates/service-admin.yaml | 17 --
mailu/templates/service-antispam.yaml | 21 ---
mailu/templates/service-autodiscover.yaml | 17 --
mailu/templates/service-front.yaml | 49 ------
mailu/templates/service-imap.yaml | 33 ----
mailu/templates/service-smtp.yaml | 33 ----
mailu/templates/service-webdav.yaml | 17 --
mailu/templates/service-webmail.yaml | 17 --
mailu/values.yaml | 163 --------------------
33 files changed, 13 insertions(+), 1807 deletions(-)
delete mode 100644 mailu/Chart.yaml
delete mode 100644 mailu/pipeline.yml
delete mode 100644 mailu/templates/_helpers.tpl
delete mode 100644 mailu/templates/certificate.yaml
delete mode 100644 mailu/templates/configmap-admin.yaml
delete mode 100644 mailu/templates/configmap-autodiscover.yaml
delete mode 100644 mailu/templates/configmap-front.yaml
delete mode 100644 mailu/templates/configmap-global.yaml
delete mode 100644 mailu/templates/configmap-smtp.yaml
delete mode 100644 mailu/templates/daemonset-front.yaml
delete mode 100644 mailu/templates/deploy-admin.yaml
delete mode 100644 mailu/templates/deploy-antispam.yaml
delete mode 100644 mailu/templates/deploy-autodiscover.yaml
delete mode 100644 mailu/templates/deploy-imap.yaml
delete mode 100644 mailu/templates/deploy-smtp.yaml
delete mode 100644 mailu/templates/deploy-webdav.yaml
delete mode 100644 mailu/templates/deploy-webmail.yaml
delete mode 100644 mailu/templates/ingress-admin.yaml
delete mode 100644 mailu/templates/ingress-antispam.yaml
delete mode 100644 mailu/templates/ingress-autodiscover.yaml
delete mode 100644 mailu/templates/ingress-webdav.yaml
delete mode 100644 mailu/templates/ingress-webmail.yaml
delete mode 100644 mailu/templates/secret-global.yaml
delete mode 100644 mailu/templates/service-admin.yaml
delete mode 100644 mailu/templates/service-antispam.yaml
delete mode 100644 mailu/templates/service-autodiscover.yaml
delete mode 100644 mailu/templates/service-front.yaml
delete mode 100644 mailu/templates/service-imap.yaml
delete mode 100644 mailu/templates/service-smtp.yaml
delete mode 100644 mailu/templates/service-webdav.yaml
delete mode 100644 mailu/templates/service-webmail.yaml
delete mode 100644 mailu/values.yaml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 325a28e..aa1c105 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,17 +7,16 @@ stages:
- lint
- release
include:
-- /actual/pipeline.yml
-- /flood/pipeline.yml
-- /imghost/pipeline.yml
-- /jellyfin/pipeline.yml
-- /languagetool/pipeline.yml
-- /mailu/pipeline.yml
-- /mastodon/pipeline.yml
-- /oauth2-proxy/pipeline.yml
-- /powerdns/pipeline.yml
-- /postgresql/pipeline.yml
-- /quassel/pipeline.yml
-- /restic/pipeline.yml
-- /rtorrent/pipeline.yml
-- /seafile/pipeline.yml
+ - /actual/pipeline.yml
+ - /flood/pipeline.yml
+ - /imghost/pipeline.yml
+ - /jellyfin/pipeline.yml
+ - /languagetool/pipeline.yml
+ - /mastodon/pipeline.yml
+ - /oauth2-proxy/pipeline.yml
+ - /powerdns/pipeline.yml
+ - /postgresql/pipeline.yml
+ - /quassel/pipeline.yml
+ - /restic/pipeline.yml
+ - /rtorrent/pipeline.yml
+ - /seafile/pipeline.yml
diff --git a/mailu/Chart.yaml b/mailu/Chart.yaml
deleted file mode 100644
index b846d28..0000000
--- a/mailu/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: mailu
-description: Helm Chart for Mailu
-type: application
-version: 1.3.7
-appVersion: "1.9.28"
diff --git a/mailu/pipeline.yml b/mailu/pipeline.yml
deleted file mode 100644
index 5887413..0000000
--- a/mailu/pipeline.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-lint-mailu:
- stage: lint
- rules:
- - changes:
- - mailu/**/*
- script:
- - helm lint mailu
-
-release-mailu:
- stage: release
- needs:
- - lint-mailu
- rules:
- - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
- changes:
- - mailu/**/*
- script:
- - apk add --no-cache git
- - helm plugin install https://github.com/chartmuseum/helm-push.git
- - helm repo add --username gitlab-ci-token --password $CI_JOB_TOKEN repo ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable
- - helm cm-push mailu repo
diff --git a/mailu/templates/_helpers.tpl b/mailu/templates/_helpers.tpl
deleted file mode 100644
index aa23057..0000000
--- a/mailu/templates/_helpers.tpl
+++ /dev/null
@@ -1,51 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "mailu-helm.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "mailu-helm.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "mailu-helm.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "mailu-helm.labels" -}}
-helm.sh/chart: {{ include "mailu-helm.chart" . }}
-{{ include "mailu-helm.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "mailu-helm.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "mailu-helm.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
diff --git a/mailu/templates/certificate.yaml b/mailu/templates/certificate.yaml
deleted file mode 100644
index d44186e..0000000
--- a/mailu/templates/certificate.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-tls
-spec:
- commonName: {{ .Values.certificate.commonName }}
- dnsNames:
- {{- toYaml .Values.certificate.hostnames | nindent 4 }}
- issuerRef:
- kind: ClusterIssuer
- name: {{ .Values.certificate.issuer }}
- secretName: {{ include "mailu-helm.fullname" . }}-tls
diff --git a/mailu/templates/configmap-admin.yaml b/mailu/templates/configmap-admin.yaml
deleted file mode 100644
index ef42db6..0000000
--- a/mailu/templates/configmap-admin.yaml
+++ /dev/null
@@ -1,71 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-admin
- labels:
- component: admin
- {{- include "mailu-helm.labels" . | nindent 4 }}
-data:
- start.py: |-
- #!/usr/bin/python3
-
- import os
- import logging as log
- import sys
-
- log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "INFO"))
-
- os.system("flask db upgrade")
-
- account = os.environ.get("INITIAL_ADMIN_ACCOUNT")
- domain = os.environ.get("INITIAL_ADMIN_DOMAIN")
- password = os.environ.get("INITIAL_ADMIN_PW")
-
- if account is not None and domain is not None and password is not None:
- mode = os.environ.get("INITIAL_ADMIN_MODE", default="ifmissing")
- log.info("Creating initial admin accout %s@%s with mode %s", account, domain, mode)
- os.system("flask mailu admin %s %s '%s' --mode %s" % (account, domain, password, mode))
-
-
- def test_DNS():
- import dns.resolver
- import dns.exception
- import dns.flags
- import dns.rdtypes
- import dns.rdatatype
- import dns.rdataclass
- import time
- # DNS stub configured to do DNSSEC enabled queries
- resolver = dns.resolver.Resolver()
- resolver.use_edns(0, dns.flags.DO, 1232)
- resolver.flags = dns.flags.AD | dns.flags.RD
- nameservers = resolver.nameservers
- for ns in nameservers:
- resolver.nameservers = [ns]
- while True:
- try:
- result = resolver.resolve('example.org', dns.rdatatype.A, dns.rdataclass.IN, lifetime=10)
- except Exception as e:
- log.critical(
- "Your DNS resolver at %s is not working (%s). Please see https://mailu.io/master/faq.html#the-admin-container-won-t-start-and-its-log-says-critical-your-dns-resolver-isn-t-doing-dnssec-validation",
- ns, e);
- else:
- if result.response.flags & dns.flags.AD:
- break
- log.critical(
- "Your DNS resolver at %s isn't doing DNSSEC validation; Please see https://mailu.io/master/faq.html#the-admin-container-won-t-start-and-its-log-says-critical-your-dns-resolver-isn-t-doing-dnssec-validation.",
- ns)
- time.sleep(5)
-
-
- test_DNS()
-
- start_command = "".join([
- "gunicorn --threads ", str(os.cpu_count()),
- " -b :80 ",
- "--access-logfile - " if (log.root.level <= log.INFO) else "",
- "--error-logfile - ",
- "--preload ",
- "'mailu:create_app()'"])
-
- os.system(start_command)
diff --git a/mailu/templates/configmap-autodiscover.yaml b/mailu/templates/configmap-autodiscover.yaml
deleted file mode 100644
index 3f4d1a0..0000000
--- a/mailu/templates/configmap-autodiscover.yaml
+++ /dev/null
@@ -1,83 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-autodiscover
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
- component: autodiscover
-data:
- config-v1.1.xml: |-
- <?xml version="1.0" encoding="UTF-8"?>
- <clientConfig version="1.1">
- <emailProvider id="{{ .Values.config.domain }}">
- <domain>{{ .Values.config.domain }}</domain>
- <displayName>{{ .Values.config.siteName }}</displayName>
- <displayShortName>{{ .Values.config.domain }}</displayShortName>
- <incomingServer type="imap">
- <hostname>{{ .Values.config.domain }}</hostname>
- <port>993</port>
- <socketType>SSL</socketType>
- <authentication>password-cleartext</authentication>
- <username>%EMAILADDRESS%</username>
- </incomingServer>
- <outgoingServer type="smtp">
- <hostname>kuschku.de</hostname>
- <port>465</port>
- <socketType>SSL</socketType>
- <authentication>password-cleartext</authentication>
- <username>%EMAILADDRESS%</username>
- </outgoingServer>
- <documentation url="{{ .Values.admin.host }}{{ .Values.admin.path }}/ui/client">
- <descr lang="en">Configure your email client</descr>
- </documentation>
- </emailProvider>
- </clientConfig>
- autodiscover.xml: |-
- <?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
- <User>
- <DisplayName>{{ .Values.config.siteName }}</DisplayName>
- </User>
- <Account>
- <AccountType>email</AccountType>
- <Action>settings</Action>
- <ServiceHome>{{ .Values.admin.host }}{{ .Values.admin.path }}</ServiceHome>
- <Protocol>
- <Type>IMAP</Type>
- <Server>{{ .Values.config.domain }}</Server>
- <Port>993</Port>
- <DomainRequired>true</DomainRequired>
- <SPA>off</SPA>
- <SSL>on</SSL>
- <AuthRequired>on</AuthRequired>
- <SMTPLast>off</SMTPLast>
- </Protocol>
- <Protocol>
- <Type>SMTP</Type>
- <Server>{{ .Values.config.domain }}</Server>
- <Port>465</Port>
- <DomainRequired>true</DomainRequired>
- <SPA>off</SPA>
- <SSL>on</SSL>
- <AuthRequired>on</AuthRequired>
- <SMTPLast>off</SMTPLast>
- </Protocol>
- <Protocol>
- <Type>DAV</Type>
- <Server>{{ .Values.webdav.host }}{{ .Values.webdav.path }}</Server>
- <DomainRequired>true</DomainRequired>
- <SPA>off</SPA>
- <SSL>on</SSL>
- <AuthRequired>on</AuthRequired>
- </Protocol>
- </Account>
- </Response>
- </Autodiscover>
- mta-sts.txt: |-
- version: STSv1
- mode: enforce
- {{ range .Values.config.hostnames -}}
- mx: {{ . }}
- {{ end -}}
- max_age: 1209600
diff --git a/mailu/templates/configmap-front.yaml b/mailu/templates/configmap-front.yaml
deleted file mode 100644
index 7b2fac9..0000000
--- a/mailu/templates/configmap-front.yaml
+++ /dev/null
@@ -1,152 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-front
- labels:
- component: front
- {{- include "mailu-helm.labels" . | nindent 4 }}
-data:
- nginx.conf: |-
- # Basic configuration
- user nginx;
- worker_processes auto;
- error_log /dev/stderr notice;
- pid /var/run/nginx.pid;
- load_module "modules/ngx_mail_module.so";
-
- events {
- worker_connections 1024;
- }
-
- http {
- # Standard HTTP configuration with slight hardening
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- access_log /dev/stdout;
- sendfile on;
- keepalive_timeout 65;
- server_tokens off;
- absolute_redirect off;
- resolver {{ "{{" }} RESOLVER }} valid=30s;
-
- {% if REAL_IP_HEADER %}
- real_ip_header {{ "{{" }} REAL_IP_HEADER }};
- {% endif %}
-
- {% if REAL_IP_FROM %}{% for from_ip in REAL_IP_FROM.split(',') %}
- set_real_ip_from {{ "{{" }} from_ip }};
- {% endfor %}{% endif %}
-
- # Header maps
- map $http_x_forwarded_proto $proxy_x_forwarded_proto {
- default $http_x_forwarded_proto;
- '' $scheme;
- }
- }
-
- mail {
- server_name "{{ .Values.config.domain }}";
- auth_http http://{{ include "mailu-helm.fullname" . }}-admin.{{ .Release.Namespace }}.svc.{{ .Values.clusterSuffix }}/internal/auth/email;
- proxy_pass_error_message on;
- resolver {{ "{{" }} RESOLVER }} valid=30s;
-
- {% if TLS and not TLS_ERROR %}
- include /etc/nginx/tls.conf;
- ssl_session_cache shared:SSLMAIL:50m;
- {% endif %}
-
- # Advertise real capabilites of backends (postfix/dovecot)
- smtp_capabilities PIPELINING SIZE {{ "{{" }} MESSAGE_SIZE_LIMIT }} ETRN ENHANCEDSTATUSCODES 8BITMIME DSN;
- pop3_capabilities TOP UIDL RESP-CODES PIPELINING AUTH-RESP-CODE USER;
- imap_capabilities IMAP4 IMAP4rev1 UIDPLUS SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+;
-
- # Default SMTP server for the webmail (no encryption, but authentication)
- server {
- listen 10025;
- protocol smtp;
- smtp_auth plain;
- auth_http_header Auth-Port 10025;
- }
-
- # Default IMAP server for the webmail (no encryption, but authentication)
- server {
- listen 10143;
- protocol imap;
- smtp_auth plain;
- auth_http_header Auth-Port 10143;
- }
-
- # All other protocols are disabled if TLS is failing
- {% if not TLS_ERROR %}
- server {
- listen 143;
- listen [::]:143;
- {% if TLS %}
- starttls only;
- {% endif %}
- protocol imap;
- imap_auth plain;
- auth_http_header Auth-Port 143;
- }
-
- server {
- listen 110;
- listen [::]:110;
- {% if TLS %}
- starttls only;
- {% endif %}
- protocol pop3;
- pop3_auth plain;
- auth_http_header Auth-Port 110;
- }
-
- server {
- listen 587;
- listen [::]:587;
- {% if TLS %}
- starttls only;
- {% endif %}
- protocol smtp;
- smtp_auth plain login;
- auth_http_header Auth-Port 587;
- }
-
- {% if TLS %}
- server {
- listen 465 ssl;
- listen [::]:465 ssl;
- protocol smtp;
- smtp_auth plain login;
- auth_http_header Auth-Port 465;
- }
-
- server {
- listen 993 ssl;
- listen [::]:993 ssl;
- protocol imap;
- imap_auth plain;
- auth_http_header Auth-Port 993;
- }
-
- server {
- listen 995 ssl;
- listen [::]:995 ssl;
- protocol pop3;
- pop3_auth plain;
- auth_http_header Auth-Port 995;
- }
- {% endif %}
- {% endif %}
- }
- tls.conf: |-
- ssl_protocols TLSv1.3 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:EECDH+AESGCM:EDH+AESGCM:DHE-RSA-CHACHA20-POLY1305:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!CAMELLIA;
- ssl_ecdh_curve secp384r1;
- ssl_session_timeout 10m;
- ssl_session_cache shared:SSL:10m;
- ssl_session_tickets off;
-
- ssl_certificate {{ "{{" }} TLS[0] }};
- ssl_certificate_key {{ "{{" }} TLS[1] }};
- ssl_dhparam /conf/dhparam.pem;
diff --git a/mailu/templates/configmap-global.yaml b/mailu/templates/configmap-global.yaml
deleted file mode 100644
index 2232894..0000000
--- a/mailu/templates/configmap-global.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "mailu-helm.fullname" . }}
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
-data:
- ADMIN: "{{ .Values.admin.enabled }}"
- ANTIVIRUS: "none"
- AUTH_RATELIMIT: "10/minute;1000/hour"
- BIND_ADDRESS4: "127.0.0.1"
- BIND_ADDRESS6: "::1"
- DB_FLAVOR: "{{ .Values.database.flavor }}"
- DB_HOST: "{{ .Values.database.host }}"
- DB_NAME: "{{ .Values.database.database }}"
- DMARC_RUA: "{{ .Values.dmarc.rua }}"
- DMARC_RUF: "{{ .Values.dmarc.ruf }}"
- DOMAIN: "{{ .Values.config.domain }}"
- FETCHMAIL_DELAY: "600"
- HOSTNAMES: "{{ join "," .Values.config.hostnames }}"
- KUBERNETES_INGRESS: "true"
- MESSAGE_SIZE_LIMIT: "{{ .Values.config.messageSizeLimit }}"
- PASSWORD_SCHEME: "{{ .Values.config.passwordScheme }}"
- POD_ADDRESS_RANGE: "{{ .Values.config.realIpFrom }}"
- POSTMASTER: "{{ .Values.config.postmaster }}"
- REAL_IP_FROM: "{{ .Values.config.realIpFrom }}"
- REAL_IP_HEADER: "{{ .Values.config.realIpHeader }}"
- RECIPIENT_DELIMITER: "{{ .Values.config.recipientDelimiter }}"
- SITENAME: "{{ .Values.config.siteName }}"
- SUBNET: "{{ .Values.config.subnet }}"
- SUBNET_EXTERNAL: "{{ .Values.config.subnet_external }}"
- TLS_FLAVOR: "mail"
- VERSION: "{{ .Values.image.tag | default .Chart.AppVersion }}"
- WEBDAV: "radicale"
- WEBMAIL: "roundcube"
- WEBSITE: "https://{{ .Values.config.domain }}/"
- WEB_ADMIN: "{{ .Values.admin.path }}"
- WEB_WEBMAIL: "{{ .Values.webmail.path }}"
- WELCOME: "{{ .Values.welcome.enabled }}"
- WELCOME_SUBJECT: "{{ .Values.welcome.subject }}"
- WELCOME_BODY: "{{ .Values.welcome.body }}"
-
- HOST_ADMIN: "{{ include "mailu-helm.fullname" . }}-admin.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- ADMIN_ADDRESS: "{{ include "mailu-helm.fullname" . }}-admin.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- HOST_FRONT: "{{ include "mailu-helm.fullname" . }}-front.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- FRONT_ADDRESS: "{{ include "mailu-helm.fullname" . }}-front.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- HOST_ANTISPAM_MILTER: "{{ include "mailu-helm.fullname" . }}-antispam.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- ANTISPAM_MILTER_ADDRESS: "{{ include "mailu-helm.fullname" . }}-antispam.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}:11332"
- HOST_ANTISPAM_WEBUI: "{{ include "mailu-helm.fullname" . }}-antispam.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- ANTISPAM_WEBUI_ADDRESS: "{{ include "mailu-helm.fullname" . }}-antispam.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}:11334"
- HOST_ANTIVIRUS: "{{ include "mailu-helm.fullname" . }}-antivirus.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- ADDRESS_ANTIVIRUS: "{{ include "mailu-helm.fullname" . }}-antivirus.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}:3310"
- HOST_AUTHSMTP: "{{ include "mailu-helm.fullname" . }}-smtp.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- AUTHSMTP_ADDRESS: "{{ include "mailu-helm.fullname" . }}-smtp.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- HOST_IMAP: "{{ include "mailu-helm.fullname" . }}-imap.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- IMAP_ADDRESS: "{{ include "mailu-helm.fullname" . }}-imap.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- LMTP_ADDRESS: "{{ include "mailu-helm.fullname" . }}-imap.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}:2525"
- HOST_POP3: "{{ include "mailu-helm.fullname" . }}-imap.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- POP3_ADDRESS: "{{ include "mailu-helm.fullname" . }}-imap.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- HOST_REDIS: "{{ .Values.redis.host }}"
- REDIS_ADDRESS: "{{ .Values.redis.host }}"
- HOST_SMTP: "{{ include "mailu-helm.fullname" . }}-smtp.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- SMTP_ADDRESS: "{{ include "mailu-helm.fullname" . }}-smtp.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- HOST_WEBDAV: "{{ include "mailu-helm.fullname" . }}-webdav.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}:5232"
- WEBDAV_ADDRESS: "{{ include "mailu-helm.fullname" . }}-webmail.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}:5232"
- HOST_WEBMAIL: "{{ include "mailu-helm.fullname" . }}-webmail.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
- WEBMAIL_ADDRESS: "{{ include "mailu-helm.fullname" . }}-webmail.{{.Release.Namespace}}.svc.{{.Values.clusterSuffix}}"
diff --git a/mailu/templates/configmap-smtp.yaml b/mailu/templates/configmap-smtp.yaml
deleted file mode 100644
index fc35d02..0000000
--- a/mailu/templates/configmap-smtp.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-smtp
- labels:
- component: smtp
- {{- include "mailu-helm.labels" . | nindent 4 }}
-data:
- postfix.cf: |-
- # General TLS configuration
- tls_high_cipherlist=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:EECDH+AESGCM:EDH+AESGCM:DHE-RSA-CHACHA20-POLY1305:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!CAMELLIA
- tls_preempt_cipherlist=yes
- tls_ssl_options=NO_COMPRESSION
-
- # Outgoing TLS is more flexible because 1. not all receiving servers will
- # support TLS, 2. not all will have and up-to-date TLS stack.
- smtp_tls_security_level=may
- smtp_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1
- smtp_tls_protocols=!SSLv2,!SSLv3,!TLSv1
- smtpd_tls_security_level=may
- smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1
- smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1
- lmtp_tls_ciphers = high
- lmtp_tls_mandatory_ciphers = high
- smtp_tls_ciphers = high
- smtp_tls_mandatory_ciphers = high
- smtpd_tls_ciphers = high
- smtpd_tls_mandatory_ciphers = high
- # Relayed networks
- mynetworks=127.0.0.1/32 [::1]/128 {{ .Values.config.subnet }} {{ .Values.config.subnet_external }}/32
- smtpd_authorized_xclient_hosts={{ .Values.config.subnet }} {{ .Values.config.subnet_external }}/32
-
- postscreen_upstream_proxy_protocol = haproxy
- postscreen_upstream_proxy_protocol = haproxy
- smtpd_tls_key_file=/certs/tls.key
- smtpd_tls_cert_file=/certs/tls.crt
- smtpd_use_tls = yes
- smtp_use_tls = yes
- postfix.master: |-
- # expose proxy protocol support
- 10024/inet=10024 inet n - n - 1 postscreen
- smtpd/pass=smtpd pass - - n - - smtpd
-
diff --git a/mailu/templates/daemonset-front.yaml b/mailu/templates/daemonset-front.yaml
deleted file mode 100644
index 8af3f65..0000000
--- a/mailu/templates/daemonset-front.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-front
- labels:
- component: front
- {{- include "mailu-helm.labels" . | nindent 4 }}
-spec:
- selector:
- matchLabels:
- component: front
- {{- include "mailu-helm.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- component: front
- {{- include "mailu-helm.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- # securityContext: Not supported by mailu-nginx for now
- volumes:
- - name: tls
- secret:
- secretName: {{ include "mailu-helm.fullname" . }}-tls
- items:
- - key: tls.crt
- path: cert.pem
- - key: tls.key
- path: key.pem
- - name: config
- configMap:
- name: {{ include "mailu-helm.fullname" . }}-front
- containers:
- - name: front
- # securityContext: Not supported by mailu-nginx for now
- image: "mailu/nginx:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - configMapRef:
- name: {{ include "mailu-helm.fullname" . }}
- - secretRef:
- name: {{ include "mailu-helm.fullname" . }}
- ports:
- - containerPort: 110
- hostPort: 110
- name: pop3
- protocol: "TCP"
- - containerPort: 995
- hostPort: 995
- name: pop3s
- protocol: "TCP"
- - containerPort: 143
- hostPort: 143
- name: imap
- protocol: "TCP"
- - containerPort: 993
- hostPort: 993
- name: imaps
- protocol: "TCP"
- - containerPort: 25
- hostPort: 25
- name: smtp
- protocol: "TCP"
- - containerPort: 10025
- hostPort: 10025
- name: smtp-auth
- protocol: "TCP"
- - containerPort: 10143
- hostPort: 10143
- name: imap-auth
- protocol: "TCP"
- - containerPort: 465
- hostPort: 465
- name: smtps
- protocol: "TCP"
- - containerPort: 587
- hostPort: 587
- name: smtpd
- protocol: "TCP"
- - containerPort: 8000
- hostPort: 8000
- name: auth
- protocol: "TCP"
- resources:
- {{- toYaml .Values.front.resources | nindent 12 }}
- volumeMounts:
- - name: tls
- mountPath: "/certs"
- - name: config
- mountPath: /conf/tls.conf
- subPath: tls.conf
- - name: config
- mountPath: /conf/nginx.conf
- subPath: nginx.conf
- hostNetwork: true
- dnsPolicy: ClusterFirstWithHostNet
diff --git a/mailu/templates/deploy-admin.yaml b/mailu/templates/deploy-admin.yaml
deleted file mode 100644
index 5708112..0000000
--- a/mailu/templates/deploy-admin.yaml
+++ /dev/null
@@ -1,90 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-admin
- labels:
- component: admin
- {{- include "mailu-helm.labels" . | nindent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- component: admin
- {{- include "mailu-helm.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- component: admin
- {{- include "mailu-helm.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- volumes:
- - name: data
- {{- .Values.volumes.data | nindent 10 }}
- - name: dkim
- {{- .Values.volumes.dkim | nindent 10 }}
- - name: config
- configMap:
- name: {{ include "mailu-helm.fullname" . }}-admin
- defaultMode: 0755
- containers:
- - name: admin
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
- image: "mailu/admin:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - configMapRef:
- name: {{ include "mailu-helm.fullname" . }}
- - secretRef:
- name: {{ include "mailu-helm.fullname" . }}
- env:
- - name: SUBNET
- valueFrom:
- configMapKeyRef:
- name: {{ include "mailu-helm.fullname" . }}
- key: SUBNET_EXTERNAL
- ports:
- - name: "http"
- containerPort: 80
- protocol: "TCP"
- resources:
- {{- toYaml .Values.admin.resources | nindent 12 }}
- volumeMounts:
- - name: data
- mountPath: "/data"
- - name: dkim
- mountPath: "/dkim"
- - name: config
- mountPath: "/start.py"
- subPath: "start.py"
- startupProbe:
- httpGet:
- path: /sso/login
- port: http
- periodSeconds: 10
- failureThreshold: 30
- timeoutSeconds: 5
- livenessProbe:
- httpGet:
- path: /sso/login
- port: http
- periodSeconds: 10
- failureThreshold: 3
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- path: /sso/login
- port: http
- periodSeconds: 10
- failureThreshold: 1
- timeoutSeconds: 5
diff --git a/mailu/templates/deploy-antispam.yaml b/mailu/templates/deploy-antispam.yaml
deleted file mode 100644
index e5b4caf..0000000
--- a/mailu/templates/deploy-antispam.yaml
+++ /dev/null
@@ -1,84 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-antispam
- labels:
- component: antispam
- {{- include "mailu-helm.labels" . | nindent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- component: antispam
- {{- include "mailu-helm.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- component: antispam
- {{- include "mailu-helm.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- volumes:
- - name: filter
- {{- .Values.volumes.filter | nindent 10 }}
- - name: dkim
- {{- .Values.volumes.dkim | nindent 10 }}
- - name: local-config
- emptyDir: {}
- containers:
- - name: antispam
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
- image: "mailu/rspamd:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - configMapRef:
- name: {{ include "mailu-helm.fullname" . }}
- - secretRef:
- name: {{ include "mailu-helm.fullname" . }}
- ports:
- - name: antispam
- containerPort: 11332
- protocol: "TCP"
- - name: antispam-http
- containerPort: 11334
- protocol: "TCP"
- resources:
- {{- toYaml .Values.antispam.resources | nindent 12 }}
- volumeMounts:
- - name: filter
- mountPath: "/var/lib/rspamd"
- - name: dkim
- mountPath: "/dkim"
- - name: local-config
- mountPath: "/etc/rspamd/local.d"
- startupProbe:
- httpGet:
- path: /
- port: antispam-http
- periodSeconds: 10
- failureThreshold: 90
- timeoutSeconds: 5
- livenessProbe:
- httpGet:
- path: /
- port: antispam-http
- periodSeconds: 10
- failureThreshold: 90
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- path: /
- port: antispam-http
- periodSeconds: 10
- failureThreshold: 90
- timeoutSeconds: 5
diff --git a/mailu/templates/deploy-autodiscover.yaml b/mailu/templates/deploy-autodiscover.yaml
deleted file mode 100644
index 9bfa810..0000000
--- a/mailu/templates/deploy-autodiscover.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-autodiscover
- labels:
- component: autodiscover
- {{- include "mailu-helm.labels" . | nindent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- component: autodiscover
- {{- include "mailu-helm.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- component: autodiscover
- {{- include "mailu-helm.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- volumes:
- - name: config
- configMap:
- name: {{ include "mailu-helm.fullname" . }}-autodiscover
- items:
- - key: mta-sts.txt
- path: ".well-known/mta-sts.txt"
- - key: config-v1.1.xml
- path: config-v1.1.xml
- - key: autodiscover.xml
- path: autodiscover.xml
- containers:
- - name: autodiscover
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
- image: "nginx:stable-alpine"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- ports:
- - name: "http"
- containerPort: 80
- protocol: "TCP"
- resources:
- {{- toYaml .Values.admin.resources | nindent 12 }}
- volumeMounts:
- - name: config
- mountPath: "/usr/share/nginx/html"
- startupProbe:
- httpGet:
- path: /config-v1.1.xml
- port: http
- periodSeconds: 10
- failureThreshold: 30
- timeoutSeconds: 5
- livenessProbe:
- httpGet:
- path: /config-v1.1.xml
- port: http
- periodSeconds: 10
- failureThreshold: 3
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- path: /config-v1.1.xml
- port: http
- periodSeconds: 10
- failureThreshold: 1
- timeoutSeconds: 5
diff --git a/mailu/templates/deploy-imap.yaml b/mailu/templates/deploy-imap.yaml
deleted file mode 100644
index c5df9fa..0000000
--- a/mailu/templates/deploy-imap.yaml
+++ /dev/null
@@ -1,95 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-imap
- labels:
- component: imap
- {{- include "mailu-helm.labels" . | nindent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- component: imap
- {{- include "mailu-helm.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- component: imap
- {{- include "mailu-helm.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- volumes:
- - name: data
- {{- .Values.volumes.data | nindent 10 }}
- - name: mail
- {{- .Values.volumes.mail | nindent 10 }}
- containers:
- - name: imap
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
- image: "mailu/dovecot:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - configMapRef:
- name: {{ include "mailu-helm.fullname" . }}
- - secretRef:
- name: {{ include "mailu-helm.fullname" . }}
- ports:
- - name: imap-auth
- containerPort: 2102
- protocol: "TCP"
- - name: imap-transport
- containerPort: 2525
- protocol: "TCP"
- - name: pop3
- containerPort: 110
- protocol: "TCP"
- - name: imap-default
- containerPort: 143
- protocol: "TCP"
- - name: sieve
- containerPort: 4190
- protocol: "TCP"
- resources:
- {{- toYaml .Values.imap.resources | nindent 12 }}
- volumeMounts:
- - name: data
- mountPath: "/data"
- - name: mail
- mountPath: "/mail"
- startupProbe:
- exec:
- command:
- - sh
- - -c
- - 'echo QUIT|nc localhost 110|grep "Dovecot ready."'
- periodSeconds: 10
- failureThreshold: 30
- timeoutSeconds: 5
- livenessProbe:
- exec:
- command:
- - sh
- - -c
- - 'echo QUIT|nc localhost 110|grep "Dovecot ready."'
- periodSeconds: 10
- failureThreshold: 3
- timeoutSeconds: 5
- readinessProbe:
- exec:
- command:
- - sh
- - -c
- - 'echo QUIT|nc localhost 110|grep "Dovecot ready."'
- periodSeconds: 10
- failureThreshold: 1
- timeoutSeconds: 5
diff --git a/mailu/templates/deploy-smtp.yaml b/mailu/templates/deploy-smtp.yaml
deleted file mode 100644
index 5e331de..0000000
--- a/mailu/templates/deploy-smtp.yaml
+++ /dev/null
@@ -1,101 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-smtp
- labels:
- component: smtp
- {{- include "mailu-helm.labels" . | nindent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- component: smtp
- {{- include "mailu-helm.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- component: smtp
- {{- include "mailu-helm.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- volumes:
- - name: data
- {{- .Values.volumes.data | nindent 10 }}
- - name: certs
- secret:
- secretName: {{ include "mailu-helm.fullname" . }}-tls
- - name: config
- configMap:
- name: {{ include "mailu-helm.fullname" . }}-smtp
- containers:
- - name: smtp
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
- image: "mailu/postfix:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - configMapRef:
- name: {{ include "mailu-helm.fullname" . }}
- - secretRef:
- name: {{ include "mailu-helm.fullname" . }}
- ports:
- - name: smtp
- containerPort: 25
- protocol: "TCP"
- - name: smtp-ssl
- containerPort: 465
- protocol: "TCP"
- - name: smtp-starttls
- containerPort: 587
- protocol: "TCP"
- - name: smtp-proxy
- containerPort: 10024
- protocol: "TCP"
- - name: smtp-auth
- containerPort: 10025
- protocol: "TCP"
- resources:
- {{- toYaml .Values.smtp.resources | nindent 12 }}
- volumeMounts:
- - name: data
- mountPath: "/data"
- - name: certs
- mountPath: "/certs"
- - name: config
- mountPath: "/overrides"
- startupProbe:
- exec:
- command:
- - sh
- - -c
- - 'echo QUIT|nc localhost 25|grep "220 .* ESMTP Postfix"'
- periodSeconds: 10
- failureThreshold: 30
- timeoutSeconds: 5
- livenessProbe:
- exec:
- command:
- - sh
- - -c
- - 'echo QUIT|nc localhost 25|grep "220 .* ESMTP Postfix"'
- periodSeconds: 10
- failureThreshold: 3
- timeoutSeconds: 5
- readinessProbe:
- exec:
- command:
- - sh
- - -c
- - 'echo QUIT|nc localhost 25|grep "220 .* ESMTP Postfix"'
- periodSeconds: 10
- failureThreshold: 1
- timeoutSeconds: 5
diff --git a/mailu/templates/deploy-webdav.yaml b/mailu/templates/deploy-webdav.yaml
deleted file mode 100644
index dc9710d..0000000
--- a/mailu/templates/deploy-webdav.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-webdav
- labels:
- component: webdav
- {{- include "mailu-helm.labels" . | nindent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- component: webdav
- {{- include "mailu-helm.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- component: webdav
- {{- include "mailu-helm.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- volumes:
- - name: webdav
- {{- .Values.volumes.webdav | nindent 10 }}
- containers:
- - name: webdav
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
- image: "mailu/radicale:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - configMapRef:
- name: {{ include "mailu-helm.fullname" . }}
- - secretRef:
- name: {{ include "mailu-helm.fullname" . }}
- ports:
- - name: "http"
- containerPort: 5232
- protocol: "TCP"
- resources:
- {{- toYaml .Values.webdav.resources | nindent 12 }}
- volumeMounts:
- - name: webdav
- mountPath: "/data"
- startupProbe:
- httpGet:
- path: /
- port: http
- periodSeconds: 10
- failureThreshold: 30
- timeoutSeconds: 5
- livenessProbe:
- httpGet:
- path: /
- port: http
- periodSeconds: 10
- failureThreshold: 3
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- path: /
- port: http
- periodSeconds: 10
- failureThreshold: 1
- timeoutSeconds: 5
diff --git a/mailu/templates/deploy-webmail.yaml b/mailu/templates/deploy-webmail.yaml
deleted file mode 100644
index 8971f86..0000000
--- a/mailu/templates/deploy-webmail.yaml
+++ /dev/null
@@ -1,79 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-webmail
- labels:
- component: webmail
- {{- include "mailu-helm.labels" . | nindent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- component: webmail
- {{- include "mailu-helm.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- component: webmail
- {{- include "mailu-helm.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- volumes:
- - name: webmail
- {{- .Values.volumes.webmail | nindent 10 }}
- containers:
- - name: webmail
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
- image: "k8r.eu/justjanne/mailu-snappymail:{{ .Values.webmail.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - configMapRef:
- name: {{ include "mailu-helm.fullname" . }}
- - secretRef:
- name: {{ include "mailu-helm.fullname" . }}
- env:
- - name: HOST_FRONT
- valueFrom:
- configMapKeyRef:
- key: FRONT_ADDRESS
- name: {{ include "mailu-helm.fullname" . }}
- ports:
- - name: "http"
- containerPort: 80
- protocol: "TCP"
- resources:
- {{- toYaml .Values.webmail.resources | nindent 12 }}
- volumeMounts:
- - name: webmail
- mountPath: "/data"
- startupProbe:
- httpGet:
- path: /healthz
- port: http
- periodSeconds: 10
- failureThreshold: 30
- timeoutSeconds: 5
- livenessProbe:
- httpGet:
- path: /healthz
- port: http
- periodSeconds: 10
- failureThreshold: 3
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- path: /healthz
- port: http
- periodSeconds: 10
- failureThreshold: 1
- timeoutSeconds: 5
diff --git a/mailu/templates/ingress-admin.yaml b/mailu/templates/ingress-admin.yaml
deleted file mode 100644
index 72c3641..0000000
--- a/mailu/templates/ingress-admin.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-admin
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
- component: admin
- annotations:
- nginx.ingress.kubernetes.io/server-snippet: |-
- location @login {
- return 302 "/sso/login";
- }
- {{- range $key, $value := .Values.ingress.annotations }}
- {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
- {{- end }}
-spec:
- rules:
- - host: "{{ .Values.admin.host }}"
- http:
- paths:
- - path: "{{ .Values.admin.path }}"
- backend:
- service:
- name: {{ include "mailu-helm.fullname" . }}-admin
- port:
- name: http
- pathType: Prefix
- - path: "/sso/"
- backend:
- service:
- name: {{ include "mailu-helm.fullname" . }}-admin
- port:
- name: http
- pathType: Prefix
- - path: "/static"
- backend:
- service:
- name: {{ include "mailu-helm.fullname" . }}-admin
- port:
- name: http
- pathType: Prefix
diff --git a/mailu/templates/ingress-antispam.yaml b/mailu/templates/ingress-antispam.yaml
deleted file mode 100644
index 114a6a9..0000000
--- a/mailu/templates/ingress-antispam.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-antispam
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
- component: antispam
- annotations:
- nginx.ingress.kubernetes.io/auth-url:
- "http://{{ include "mailu-helm.fullname" . }}-admin.{{ .Release.Namespace }}.svc.{{ .Values.clusterSuffix }}/internal/auth/admin"
- nginx.ingress.kubernetes.io/rewrite-target: "/$2"
- nginx.ingress.kubernetes.io/configuration-snippet: |
- proxy_set_header X-Real-IP "";
- proxy_set_header X-Forwarded-For "";
- proxy_set_header Password "mailu";
- {{- range $key, $value := .Values.ingress.annotations }}
- {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
- {{- end }}
-spec:
- rules:
- - host: "{{ .Values.admin.host }}"
- http:
- paths:
- - path: "{{ .Values.admin.path }}/antispam($|/)(.*)"
- backend:
- service:
- name: {{ include "mailu-helm.fullname" . }}-antispam
- port:
- name: antispam-http
- pathType: Prefix
diff --git a/mailu/templates/ingress-autodiscover.yaml b/mailu/templates/ingress-autodiscover.yaml
deleted file mode 100644
index 1b4d7b9..0000000
--- a/mailu/templates/ingress-autodiscover.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-autodiscover
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
- component: autodiscover
- annotations:
- nginx.ingress.kubernetes.io/cache-enable: "true"
- nginx.ingress.kubernetes.io/cache-generation: "2"
- nginx.ingress.kubernetes.io/cache-whitelist-query-params: ""
- nginx.ingress.kubernetes.io/configuration-snippet: |-
- rewrite ^/.well-known/(carddav|caldav)$ "https://{{ .Values.webdav.host }}{{ .Values.webdav.path }}/.well-known/$1" permanent;
- rewrite ^/mail/(.*) /$1 last;
- {{- range $key, $value := .Values.ingress.annotations }}
- {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
- {{- end }}
-spec:
- rules:
- {{ range .Values.config.hostnames }}
- - host: {{ . }}
- http:
- paths:
- - path: "/.well-known/carddav"
- backend:
- service:
- name: {{ include "mailu-helm.fullname" $ }}-autodiscover
- port:
- name: http
- pathType: Prefix
- - path: "/.well-known/caldav"
- backend:
- service:
- name: {{ include "mailu-helm.fullname" $ }}-autodiscover
- port:
- name: http
- pathType: Prefix
- - path: "/.well-known/mta-sts.txt"
- backend:
- service:
- name: {{ include "mailu-helm.fullname" $ }}-autodiscover
- port:
- name: http
- pathType: Prefix
- - host: "mta-sts.{{ . }}"
- http:
- paths:
- - path: "/.well-known/mta-sts.txt"
- backend:
- service:
- name: {{ include "mailu-helm.fullname" $ }}-autodiscover
- port:
- name: http
- pathType: Prefix
- {{ end }}
- - host: "autodiscover.{{ .Values.config.domain }}"
- http:
- paths:
- - path: "/"
- backend:
- service:
- name: {{ include "mailu-helm.fullname" . }}-autodiscover
- port:
- name: http
- pathType: Prefix
- - host: "autoconfig.{{ .Values.config.domain }}"
- http:
- paths:
- - path: "/"
- backend:
- service:
- name: {{ include "mailu-helm.fullname" . }}-autodiscover
- port:
- name: http
- pathType: Prefix
diff --git a/mailu/templates/ingress-webdav.yaml b/mailu/templates/ingress-webdav.yaml
deleted file mode 100644
index 040fb32..0000000
--- a/mailu/templates/ingress-webdav.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-webdav
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
- component: webdav
- annotations:
- nginx.ingress.kubernetes.io/auth-url:
- "http://{{ include "mailu-helm.fullname" . }}-admin.{{ .Release.Namespace }}.svc.{{ .Values.clusterSuffix }}/internal/auth/basic"
- nginx.ingress.kubernetes.io/configuration-snippet: |-
- auth_request_set $user $upstream_http_x_user;
- proxy_set_header X-Remote-User $user;
- proxy_set_header X-Script-Name "{{ .Values.webdav.path }}";
- nginx.ingress.kubernetes.io/rewrite-target: /$2
- {{- range $key, $value := .Values.ingress.annotations }}
- {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
- {{- end }}
-spec:
- rules:
- - host: "{{ .Values.webdav.host }}"
- http:
- paths:
- - path: "{{ .Values.webdav.path }}(/|$)(.*)"
- backend:
- service:
- name: {{ include "mailu-helm.fullname" . }}-webdav
- port:
- name: http
- pathType: Prefix
diff --git a/mailu/templates/ingress-webmail.yaml b/mailu/templates/ingress-webmail.yaml
deleted file mode 100644
index 5bd1839..0000000
--- a/mailu/templates/ingress-webmail.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-webmail
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
- component: webmail
- annotations:
- nginx.ingress.kubernetes.io/auth-url:
- "http://{{ include "mailu-helm.fullname" . }}-admin.{{ .Release.Namespace }}.svc.{{ .Values.clusterSuffix }}/internal/auth/user"
- nginx.ingress.kubernetes.io/configuration-snippet: |-
- auth_request_set $user $upstream_http_x_user;
- proxy_set_header 'X-Remote-User' $user;
- auth_request_set $token $upstream_http_x_user_token;
- proxy_set_header 'X-Remote-User-Token' $token;
- error_page 403 @login;
- {{- range $key, $value := .Values.ingress.annotations }}
- {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
- {{- end }}
-spec:
- rules:
- - host: "{{ .Values.webmail.host }}"
- http:
- paths:
- - path: "{{ .Values.webmail.path }}"
- backend:
- service:
- name: {{ include "mailu-helm.fullname" . }}-webmail
- port:
- name: http
- pathType: Prefix
diff --git a/mailu/templates/secret-global.yaml b/mailu/templates/secret-global.yaml
deleted file mode 100644
index 1b2444f..0000000
--- a/mailu/templates/secret-global.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "mailu-helm.fullname" . }}
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
-stringData:
- SECRET_KEY: "{{ .Values.config.secretKey }}"
- DB_PW: "{{ .Values.database.password }}"
- DB_USER: "{{ .Values.database.username }}"
- QUOTA_STORAGE_URL: "redis://:{{ .Values.redis.password }}@{{ .Values.redis.host }}/{{ .Values.redis.databases.quota }}"
- RATELIMIT_STORAGE_URL: "redis://:{{ .Values.redis.password }}@{{ .Values.redis.host }}/{{ .Values.redis.databases.ratelimit }}"
diff --git a/mailu/templates/service-admin.yaml b/mailu/templates/service-admin.yaml
deleted file mode 100644
index c715a7d..0000000
--- a/mailu/templates/service-admin.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-admin
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
- component: admin
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: 80
- targetPort: http
- protocol: "TCP"
- name: http
- selector:
- {{- include "mailu-helm.selectorLabels" . | nindent 4 }}
- component: admin
diff --git a/mailu/templates/service-antispam.yaml b/mailu/templates/service-antispam.yaml
deleted file mode 100644
index a16fcd6..0000000
--- a/mailu/templates/service-antispam.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-antispam
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
- component: antispam
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: 11332
- targetPort: antispam
- protocol: "TCP"
- name: antispam
- - port: 11334
- targetPort: antispam-http
- protocol: "TCP"
- name: antispam-http
- selector:
- {{- include "mailu-helm.selectorLabels" . | nindent 4 }}
- component: antispam
diff --git a/mailu/templates/service-autodiscover.yaml b/mailu/templates/service-autodiscover.yaml
deleted file mode 100644
index 7b7e338..0000000
--- a/mailu/templates/service-autodiscover.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-autodiscover
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
- component: autodiscover
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: 80
- targetPort: http
- protocol: "TCP"
- name: http
- selector:
- {{- include "mailu-helm.selectorLabels" . | nindent 4 }}
- component: autodiscover
diff --git a/mailu/templates/service-front.yaml b/mailu/templates/service-front.yaml
deleted file mode 100644
index 13022d1..0000000
--- a/mailu/templates/service-front.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-front
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
- component: front
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: pop3
- port: 110
- protocol: TCP
- targetPort: pop3
- - name: pop3s
- port: 995
- protocol: TCP
- targetPort: pop3s
- - name: imap
- port: 143
- protocol: TCP
- targetPort: imap
- - name: imaps
- port: 993
- protocol: TCP
- targetPort: imaps
- - name: smtp
- port: 25
- protocol: TCP
- targetPort: smtp
- - name: smtps
- port: 465
- protocol: TCP
- targetPort: smtps
- - name: smtpd
- port: 587
- protocol: TCP
- targetPort: smtpd
- - name: smtp-auth
- port: 10025
- protocol: TCP
- targetPort: smtp-auth
- - name: imap-auth
- port: 10143
- protocol: TCP
- targetPort: imap-auth
- selector:
- {{- include "mailu-helm.selectorLabels" . | nindent 4 }}
- component: front
diff --git a/mailu/templates/service-imap.yaml b/mailu/templates/service-imap.yaml
deleted file mode 100644
index 87f92c5..0000000
--- a/mailu/templates/service-imap.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-imap
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
- component: imap
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: imap-auth
- port: 2102
- protocol: "TCP"
- targetPort: imap-auth
- - name: imap-transport
- port: 2525
- protocol: "TCP"
- targetPort: imap-transport
- - name: pop3
- port: 110
- protocol: "TCP"
- targetPort: pop3
- - name: imap-default
- port: 143
- protocol: "TCP"
- targetPort: imap-default
- - name: sieve
- port: 4190
- protocol: "TCP"
- targetPort: sieve
- selector:
- {{- include "mailu-helm.selectorLabels" . | nindent 4 }}
- component: imap
diff --git a/mailu/templates/service-smtp.yaml b/mailu/templates/service-smtp.yaml
deleted file mode 100644
index a8aa6cd..0000000
--- a/mailu/templates/service-smtp.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-smtp
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
- component: smtp
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: smtp
- port: 25
- protocol: "TCP"
- targetPort: smtp
- - name: smtp-ssl
- port: 465
- protocol: "TCP"
- targetPort: smtp-ssl
- - name: smtp-starttls
- port: 587
- protocol: "TCP"
- targetPort: smtp-starttls
- - name: smtp-auth
- port: 10025
- protocol: "TCP"
- targetPort: smtp-auth
- - name: smtp-proxy
- port: 10024
- protocol: "TCP"
- targetPort: smtp-proxy
- selector:
- {{- include "mailu-helm.selectorLabels" . | nindent 4 }}
- component: smtp
diff --git a/mailu/templates/service-webdav.yaml b/mailu/templates/service-webdav.yaml
deleted file mode 100644
index 8c21ea8..0000000
--- a/mailu/templates/service-webdav.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-webdav
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
- component: webdav
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: http
- port: 80
- protocol: "TCP"
- targetPort: http
- selector:
- {{- include "mailu-helm.selectorLabels" . | nindent 4 }}
- component: webdav
diff --git a/mailu/templates/service-webmail.yaml b/mailu/templates/service-webmail.yaml
deleted file mode 100644
index 2c3c3db..0000000
--- a/mailu/templates/service-webmail.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "mailu-helm.fullname" . }}-webmail
- labels:
- {{- include "mailu-helm.labels" . | nindent 4 }}
- component: webmail
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: http
- port: 80
- protocol: "TCP"
- targetPort: http
- selector:
- {{- include "mailu-helm.selectorLabels" . | nindent 4 }}
- component: webmail
diff --git a/mailu/values.yaml b/mailu/values.yaml
deleted file mode 100644
index d835920..0000000
--- a/mailu/values.yaml
+++ /dev/null
@@ -1,163 +0,0 @@
-replicaCount: 1
-
-imagePullSecrets: [ ]
-nameOverride: ""
-fullnameOverride: ""
-clusterSuffix: "cluster.local"
-
-image:
- pullPolicy: IfNotPresent
- tag: ""
-
-config:
- secretKey: "changeMe"
- domain: "example.com"
- hostnames:
- - "example.com"
- - "mail.example.com"
- - "imap.example.com"
- passwordScheme: "PBKDF2"
- messageSizeLimit: "500000000"
- realIpFrom: "0.0.0.0/0"
- realIpHeader: "X-Forwarded-For"
- postmaster: "postmaster"
- recipientDelimiter: "+"
- siteName: "Example.com Mail"
- subnet: "10.42.0.0/16"
- subnet_external: "1.2.3.4"
-
-welcome:
- enabled: false
- subject: "Welcome to your new email account"
- body: "Welcome to your new email account, if you can read this, then it is configured properly!"
-
-dmarc:
- rua: "dmarc"
- ruf: "dmarc"
-
-database:
- flavor: "sqlite"
- host: "external-db-hostname"
- database: "mailu"
- username: "mailu"
- password: "chang3m3!"
-
-redis:
- host: "external-redis-hostname"
- password: ""
- databases:
- quota: 1
- ratelimit: 2
-
-certificate:
- issuer: "letsencrypt"
- commonName: "example.com"
- hostnames:
- - "example.com"
- - "imap.example.com"
- - "mail.example.com"
-
-volumes:
- dkim: |-
- emptyDir: {}
- data: |-
- emptyDir: {}
- mail: |-
- emptyDir: {}
- filter: |-
- emptyDir: {}
- webdav: |-
- emptyDir: {}
- webmail: |-
- emptyDir: {}
-
-front:
- resources:
- limits:
- cpu: 500m
- memory: 256Mi
- requests:
- cpu: 10m
- memory: 32Mi
-admin:
- enabled: true
- host: "mail.example.com"
- path: "/admin"
- resources:
- limits:
- cpu: 500m
- memory: 1Gi
- requests:
- cpu: 30m
- memory: 128Mi
-imap:
- resources:
- limits:
- cpu: 500m
- memory: 512Mi
- requests:
- cpu: 30m
- memory: 64Mi
-smtp:
- resources:
- limits:
- cpu: 500m
- memory: 512Mi
- requests:
- cpu: 30m
- memory: 64Mi
-antispam:
- password: "chang3m3!"
- resources:
- limits:
- cpu: 500m
- memory: 1Gi
- requests:
- cpu: 10m
- memory: 128Mi
-webmail:
- host: "mail.example.com"
- path: "/"
- tag: ""
- resources:
- limits:
- cpu: 500m
- memory: 256Mi
- requests:
- cpu: 10m
- memory: 32Mi
-webdav:
- host: "mail.example.com"
- path: "/webdav"
- resources:
- limits:
- cpu: 500m
- memory: 256Mi
- requests:
- cpu: 30m
- memory: 32Mi
-
-podAnnotations: { }
-
-podSecurityContext: { }
-# fsGroup: 2000
-
-securityContext: { }
-# capabilities:
-# drop:
-# - ALL
-# readOnlyRootFilesystem: true
-# runAsNonRoot: true
-# runAsUser: 1000
-
-service:
- type: ClusterIP
-
-nodeSelector: { }
-
-tolerations: [ ]
-
-affinity: { }
-
-ingress:
- annotations: {}
--
GitLab