feat: add automated autodiscover

templates/configmap-autodiscover.yaml

+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "mailu-helm.fullname" . }}-autodiscover
+  labels:
+    {{- include "mailu-helm.labels" . | nindent 4 }}
+    component: autodiscover
+data:
+  config-v1.1.xml: |-
+    <?xml version="1.0" encoding="UTF-8"?>
+    <clientConfig version="1.1">
+        <emailProvider id="{{ .Values.config.domain }}">
+            <domain>{{ .Values.config.domain }}</domain>
+            <displayName>{{ .Values.config.siteName }}</displayName>
+            <displayShortName>{{ .Values.config.domain }}</displayShortName>
+            <incomingServer type="imap">
+                <hostname>{{ .Values.config.domain }}</hostname>
+                <port>993</port>
+                <socketType>SSL</socketType>
+                <authentication>password-cleartext</authentication>
+                <username>%EMAILADDRESS%</username>
+            </incomingServer>
+            <outgoingServer type="smtp">
+                <hostname>kuschku.de</hostname>
+                <port>465</port>
+                <socketType>SSL</socketType>
+                <authentication>password-cleartext</authentication>
+                <username>%EMAILADDRESS%</username>
+            </outgoingServer>
+            <documentation url="{{ .Values.admin.host }}{{ .Values.admin.path }}/ui/client">
+                <descr lang="en">Configure your email client</descr>
+            </documentation>
+        </emailProvider>
+    </clientConfig>
+  autodiscover.xml: |-
+    <?xml version="1.0" encoding="utf-8" ?>
+    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
+        <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
+            <User>
+              <DisplayName>{{ .Values.config.siteName }}</DisplayName>
+            </User>
+            <Account>
+                <AccountType>email</AccountType>
+                <Action>settings</Action>
+                <ServiceHome>{{ .Values.admin.host }}{{ .Values.admin.path }}</ServiceHome>
+                <Protocol>
+                    <Type>IMAP</Type>
+                    <Server>{{ .Values.config.domain }}</Server>
+                    <Port>993</Port>
+                    <DomainRequired>true</DomainRequired>
+                    <SPA>off</SPA>
+                    <SSL>on</SSL>
+                    <AuthRequired>on</AuthRequired>
+                    <SMTPLast>off</SMTPLast>
+                </Protocol>
+                <Protocol>
+                    <Type>SMTP</Type>
+                    <Server>{{ .Values.config.domain }}</Server>
+                    <Port>465</Port>
+                    <DomainRequired>true</DomainRequired>
+                    <SPA>off</SPA>
+                    <SSL>on</SSL>
+                    <AuthRequired>on</AuthRequired>
+                    <SMTPLast>off</SMTPLast>
+                </Protocol>
+                <Protocol>
+                    <Type>DAV</Type>
+                    <Server>{{ .Values.webdav.host }}{{ .Values.webdav.path }}</Server>
+                    <DomainRequired>true</DomainRequired>
+                    <SPA>off</SPA>
+                    <SSL>on</SSL>
+                    <AuthRequired>on</AuthRequired>
+                </Protocol>
+            </Account>
+        </Response>
+    </Autodiscover>
+  mta-sts.txt: |-
+    version: STSv1
+    mode: enforce
+    {{ range .Values.config.hostnames -}}
+    mx: {{ . }}
+    {{ end -}}
+    max_age: 604800

templates/deploy-autodiscover.yaml

+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "mailu-helm.fullname" . }}-autodiscover
+  labels:
+    component: autodiscover
+    {{- include "mailu-helm.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      component: autodiscover
+      {{- include "mailu-helm.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        component: autodiscover
+        {{- include "mailu-helm.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      volumes:
+        - name: config
+          configMap:
+            name: {{ include "mailu-helm.fullname" . }}-autodiscover
+      containers:
+        - name: autodiscover
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "nginx:stable-alpine"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: "http"
+              containerPort: 80
+              protocol: "TCP"
+          resources:
+            {{- toYaml .Values.admin.resources | nindent 12 }}
+          volumeMounts:
+            - name: config
+              mountPath: "/usr/share/nginx/html"
+            - name: config
+              mountPath: "/usr/share/nginx/html/mail"
+          startupProbe:
+            httpGet:
+              path: /config-v1.1.xml
+              port: http
+            periodSeconds: 10
+            failureThreshold: 30
+            timeoutSeconds: 5
+          livenessProbe:
+            httpGet:
+              path: /config-v1.1.xml
+              port: http
+            periodSeconds: 10
+            failureThreshold: 3
+            timeoutSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /config-v1.1.xml
+              port: http
+            periodSeconds: 10
+            failureThreshold: 1
+            timeoutSeconds: 5

templates/ingress-admin.yaml

@@ -6,17 +6,13 @@ metadata:
     {{- include "mailu-helm.labels" . | nindent 4 }}
     component: admin
   annotations:
-    kubernetes.io/ingress.class: "nginx"
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/proxy-body-size: "0"
     nginx.ingress.kubernetes.io/server-snippet: |-
       location @login {
         return 302 "/sso/login";
       }
-
-      location ~ ^/.well-known/(carddav|caldav) {
-        return 301 "{{ .Values.webdav.path }}";
-      }
+    {{- range $key, $value := .Values.ingress.annotations }}
+    {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
+    {{- end }}
 spec:
   rules:
     - host: "{{ .Values.admin.host }}"

templates/ingress-antispam.yaml

@@ -6,14 +6,15 @@ metadata:
     {{- include "mailu-helm.labels" . | nindent 4 }}
     component: antispam
   annotations:
-    kubernetes.io/ingress.class: "nginx"
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
     nginx.ingress.kubernetes.io/auth-url:
       "http://{{ include "mailu-helm.fullname" . }}-admin.{{ .Release.Namespace }}.svc.{{ .Values.clusterSuffix }}/internal/auth/admin"
     nginx.ingress.kubernetes.io/configuration-snippet: |
       proxy_set_header X-Real-IP "";
       proxy_set_header X-Forwarded-For "";
       proxy_set_header Password "mailu";
+    {{- range $key, $value := .Values.ingress.annotations }}
+    {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
+    {{- end }}
 spec:
   rules:
     - host: "{{ .Values.admin.host }}"

templates/ingress-autodiscover.yaml

+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "mailu-helm.fullname" . }}-autodiscover
+  labels:
+    {{- include "mailu-helm.labels" . | nindent 4 }}
+    component: autodiscover
+  annotations:
+    nginx.ingress.kubernetes.io/cache-enable: "true"
+    nginx.ingress.kubernetes.io/cache-generation: "2"
+    nginx.ingress.kubernetes.io/cache-whitelist-query-params: ""
+    nginx.ingress.kubernetes.io/configuration-snippet: |-
+      rewrite ^/.well-known/(carddav|caldav)$ "https://{{ .Values.webdav.host }}{{ .Values.webdav.path }}" permanent;
+    {{- range $key, $value := .Values.ingress.annotations }}
+    {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
+    {{- end }}
+spec:
+  rules:
+    {{ range .Values.config.hostnames }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: "/.well-known/carddav"
+            backend:
+              service:
+                name: {{ include "mailu-helm.fullname" $ }}-autodiscover
+                port:
+                  name: http
+            pathType: Prefix
+          - path: "/.well-known/caldav"
+            backend:
+              service:
+                name: {{ include "mailu-helm.fullname" $ }}-autodiscover
+                port:
+                  name: http
+            pathType: Prefix
+          - path: "/.well-known/mta-sts.txt"
+            backend:
+              service:
+                name: {{ include "mailu-helm.fullname" $ }}-autodiscover
+                port:
+                  name: http
+            pathType: Prefix
+    {{ end }}
+    - host: "autodiscover.{{ .Values.config.domain }}"
+      http:
+        paths:
+          - path: "/"
+            backend:
+              service:
+                name: {{ include "mailu-helm.fullname" . }}-autodiscover
+                port:
+                  name: http
+            pathType: Prefix
+    - host: "autoconfig.{{ .Values.config.domain }}"
+      http:
+        paths:
+          - path: "/"
+            backend:
+              service:
+                name: {{ include "mailu-helm.fullname" . }}-autodiscover
+                port:
+                  name: http
+            pathType: Prefix

templates/ingress-webdav.yaml

@@ -6,16 +6,16 @@ metadata:
     {{- include "mailu-helm.labels" . | nindent 4 }}
     component: webdav
   annotations:
-    kubernetes.io/ingress.class: "nginx"
     nginx.ingress.kubernetes.io/auth-url:
       "http://{{ include "mailu-helm.fullname" . }}-admin.{{ .Release.Namespace }}.svc.{{ .Values.clusterSuffix }}/internal/auth/basic"
     nginx.ingress.kubernetes.io/configuration-snippet: |-
       auth_request_set $user $upstream_http_x_user;
       proxy_set_header X-Remote-User $user;
       proxy_set_header X-Script-Name "{{ .Values.webdav.path }}";
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/proxy-body-size: "0"
     nginx.ingress.kubernetes.io/rewrite-target: /$2
+    {{- range $key, $value := .Values.ingress.annotations }}
+    {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
+    {{- end }}
 spec:
   rules:
     - host: "{{ .Values.webdav.host }}"

templates/ingress-webmail.yaml

@@ -6,7 +6,6 @@ metadata:
     {{- include "mailu-helm.labels" . | nindent 4 }}
     component: webmail
   annotations:
-    kubernetes.io/ingress.class: "nginx"
     nginx.ingress.kubernetes.io/auth-url:
       "http://{{ include "mailu-helm.fullname" . }}-admin.{{ .Release.Namespace }}.svc.{{ .Values.clusterSuffix }}/internal/auth/user"
     nginx.ingress.kubernetes.io/configuration-snippet: |-
@@ -15,8 +14,9 @@ metadata:
       auth_request_set $token $upstream_http_x_user_token;
       proxy_set_header 'X-Remote-User-Token' $token;
       error_page 403 @login;
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    {{- range $key, $value := .Values.ingress.annotations }}
+    {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
+    {{- end }}
 spec:
   rules:
     - host: "{{ .Values.webmail.host }}"

templates/service-autodiscover.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "mailu-helm.fullname" . }}-autodiscover
+  labels:
+    {{- include "mailu-helm.labels" . | nindent 4 }}
+    component: autodiscover
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: 80
+      targetPort: http
+      protocol: "TCP"
+      name: http
+  selector:
+    {{- include "mailu-helm.selectorLabels" . | nindent 4 }}
+    component: autodiscover

values.yaml

@@ -12,7 +12,10 @@ image:
 config:
   secretKey: "changeMe"
   domain: "example.com"
-  hostnames: "example.com,mail.example.com,imap.example.com"
+  hostnames:
+  - "example.com"
+  - "mail.example.com"
+  - "imap.example.com"
   passwordScheme: "PBKDF2"
   messageSizeLimit: "500000000"
   realIpFrom: "0.0.0.0/0"
@@ -151,3 +154,6 @@ nodeSelector: { }
 tolerations: [ ]
 
 affinity: { }
+
+ingress:
+  annotations: {}