Authored By
Unknown
Size
31 KB
diff --git a/helm/templates/prometheus-configmap.yaml b/helm/templates/prometheus-configmap.yaml
index 5375b16..5060e76 100644
--- a/helm/templates/prometheus-configmap.yaml
+++ b/helm/templates/prometheus-configmap.yaml
@@ -1,425 +1,429 @@
{{- if .Values.prometheus.enabled -}}
kind: ConfigMap
apiVersion: v1
metadata:
name: prom-config
data:
prometheus.yml: |
global:
scrape_interval: 1m
evaluation_interval: 1m
external_labels:
deployment: {{ .Values.domainName }}
{{- if .Values.alertmanager.externalUrl }}
alerting:
alertmanagers:
- static_configs:
- targets:
- {{ .Values.alertmanager.externalUrl }}
scheme: {{ .Values.alertmanager.externalUrlScheme }}
{{- end }}
rule_files:
- /config/prometheus/rules/*.yml
scrape_configs:
- job_name: 'kolab'
static_configs:
- targets: ['{{ .Values.kolab.servicesService }}:80']
metrics_path: "/api/webhooks/metrics"
- job_name: 'swoole'
kubernetes_sd_configs:
- role: pod
namespaces:
names:
- kolab
relabel_configs:
- source_labels: [__meta_kubernetes_pod_label_app]
action: keep
regex: kolab|kolab-services
- source_labels: [__meta_kubernetes_pod_ip]
target_label: __address__
- target_label: __param_kubernetes_pod_name
source_labels: [__meta_kubernetes_pod_name]
- target_label: kubernetes_pod_name
source_labels: [__param_kubernetes_pod_name]
- target_label: __metrics_path__
replacement: /api/webhooks/metrics/swoole
- source_labels: [__address__]
action: replace
replacement: $1:8000
target_label: __address__
{{- if .Values.imap.enabled }}
- job_name: 'imap'
# We update slower than scrape interval, so the timestamps are usually outdated.
# Also, the cyrus exporter tends to get stuck.
honor_timestamps: false
static_configs:
- targets:
{{- if .Values.imap.murder.enabled }}
{{- range (untilStep 0 (int .Values.imap.replicas) 1) }}
- 'imap-{{ . }}.imap-headless:11080'
{{- end }}
{{- else }}
- 'imap:80'
{{- if .Values.imap.replica.enabled }}
- 'imap-replica:80'
{{- end }}
{{- end }}
metrics_path: "/metrics"
{{- end }}
- job_name: "pushgateway"
honor_labels: true
static_configs:
- targets: ['pushgateway:9091']
{{- if .Values.prometheus.clusterMonitoring }}
- job_name: 'vector-node-metrics'
kubernetes_sd_configs:
- role: pod
namespaces:
names:
- kube-system
relabel_configs:
- source_labels: [__meta_kubernetes_pod_label_app]
action: keep
regex: vector
- source_labels: [__meta_kubernetes_pod_ip]
target_label: __address__
- target_label: __param_kubernetes_pod_name
source_labels: [__meta_kubernetes_pod_name]
- target_label: kubernetes_pod_name
source_labels: [__param_kubernetes_pod_name]
- target_label: __metrics_path__
replacement: /metrics
- source_labels: [__address__]
action: replace
replacement: $1:9598
target_label: __address__
- job_name: 'kube-state-metrics'
static_configs:
- targets: ['kube-state-metrics.default.svc.cluster.local:8080']
- job_name: 'kubelet metrics'
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: node
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- action: labeldrop
regex: beta_kubernetes_io(.+)
- action: labeldrop
regex: kubernetes_io(.+)
- action: labeldrop
regex: node_kubernetes_io(.+)
- action: labeldrop
regex: node_role_kubernetes_io(.+)
- source_labels: [__address__]
target_label: __address__
regex: ([^:]+)(?::\d+)?
replacement: $1:10250
- regex: (.+)
replacement: /metrics
source_labels: [__meta_kubernetes_node_name]
target_label: __metrics_path__
metric_relabel_configs:
# Drop the most expensive metrics that we don't look at
- source_labels: [__name__]
regex: (.+)_bucket|apiserver_(.+)|etcd_(.+)
action: drop
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
- job_name: 'cadvisor metrics'
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: node
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- action: labeldrop
regex: beta_kubernetes_io(.+)
- action: labeldrop
regex: kubernetes_io(.+)
- action: labeldrop
regex: node_kubernetes_io(.+)
- action: labeldrop
regex: node_role_kubernetes_io(.+)
- source_labels: [__address__]
target_label: __address__
regex: ([^:]+)(?::\d+)?
replacement: $1:10250
- regex: (.+)
replacement: /metrics/cadvisor
source_labels: [__meta_kubernetes_node_name]
target_label: __metrics_path__
metric_relabel_configs:
# Drop the most expensive metrics that we don't look at
- source_labels: [__name__]
regex: container_tasks_state|container_fs_(.+)|container_blkio_(.+)
action: drop
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
{{- end }}
{{- if .Values.prometheus.haproxyMonitoring }}
- job_name: 'haproxy-metrics'
static_configs:
- targets:
{{- range .Values.prometheus.haproxyMonitoring.targets }}
- {{ . }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.mariadbMonitoring }}
- job_name: mariadb
static_configs:
- targets:
{{- range .Values.prometheus.mariadbMonitoring.targets }}
- {{ . }}
{{- end }}
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: localhost:9104
{{- end }}
- job_name: blackbox-tcp-tls
honor_timestamps: true
params:
module: [tcp_tls]
metrics_path: /probe
scheme: http
follow_redirects: true
enable_http2: true
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- source_labels: [__param_module]
target_label: module
- target_label: __address__
replacement: localhost:9115
static_configs:
- targets:
- proxy:993
# - job_name: blackbox-smtp-starttls
# metrics_path: /probe
# params:
# module: [smtp_starttls]
# relabel_configs:
# - source_labels: [__address__]
# target_label: __param_target
# - source_labels: [__param_target]
# target_label: instance
# - source_labels: [__param_module]
# target_label: module
# - target_label: __address__
# replacement: localhost:9115
# static_configs:
# - targets:
# - proxy:587
{{- if .Values.loki.enabled }}
- job_name: 'loki'
static_configs:
- targets: ['loki.kolab.svc.cluster.local:3100']
metrics_path: "/metrics"
metric_relabel_configs:
# Drop most metrics
- source_labels: [__name__]
regex: loki_internal_log_(.+)
action: keep
{{- end }}
{{- if .Values.victorialogs.enabled }}
- job_name: 'victorialogs'
static_configs:
- targets: ['victorialogs.kolab.svc.cluster.local:9428']
metrics_path: "/metrics"
{{- end }}
blackbox.yml: |
modules:
http_2xx:
prober: http
timeout: 5s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
valid_status_codes: []
method: GET
preferred_ip_protocol: "ip4"
ip_protocol_fallback: false
tls_config:
insecure_skip_verify: true
https_2xx:
prober: http
timeout: 5s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
valid_status_codes: []
fail_if_not_ssl: true
method: GET
preferred_ip_protocol: "ip4"
ip_protocol_fallback: false
https_403:
prober: http
timeout: 5s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
valid_status_codes: [403]
fail_if_not_ssl: true
method: GET
preferred_ip_protocol: "ip4"
ip_protocol_fallback: false
http_2xx_auth:
prober: http
timeout: 5s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
valid_status_codes: []
method: GET
preferred_ip_protocol: "ip4"
ip_protocol_fallback: false
basic_auth:
username: "{{ .Values.serviceAccounts.monitoring1.user }}"
password: "{{ .Values.serviceAccounts.monitoring1.password }}"
tls_config:
insecure_skip_verify: true
https_2xx_auth:
prober: http
timeout: 5s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
valid_status_codes: []
fail_if_not_ssl: true
method: GET
preferred_ip_protocol: "ip4"
ip_protocol_fallback: false
basic_auth:
username: "{{ .Values.serviceAccounts.monitoring1.user }}"
password: "{{ .Values.serviceAccounts.monitoring1.password }}"
icmp:
prober: icmp
icmp:
preferred_ip_protocol: "ip4"
ip_protocol_fallback: false
tcp_tls:
prober: tcp
timeout: 5s
tcp:
tls: true
tls_config:
server_name: "{{ template "kolab.websiteDomain" . }}"
{{- if .Values.tlsSecret.ca }}
ca_file: /etc/certs/ca.cert
{{- end }}
imap_starttls:
prober: tcp
timeout: 5s
tcp:
query_response:
- expect: "OK.*STARTTLS"
- send: ". STARTTLS"
- expect: "OK"
- starttls: true
- send: ". capability"
- expect: "CAPABILITY IMAP4rev1"
smtp_starttls:
prober: tcp
timeout: 5s
tcp:
query_response:
- expect: "^220 ([^ ]+) ESMTP (.+)$"
- send: "EHLO prober\r"
- expect: "^250-STARTTLS"
- send: "STARTTLS\r"
- expect: "^220"
- starttls: true
- send: "EHLO prober\r"
- expect: "^250-AUTH"
- send: "QUIT\r"
tls_config:
server_name: "{{ template "kolab.websiteDomain" . }}"
{{- if .Values.tlsSecret.ca }}
ca_file: /etc/certs/ca.cert
{{- end }}
dashboard.html: |
{{ .Files.Get "files/dashboard.html" | indent 4}}
prometheus.rules.yml: |
groups:
- name: prometheus-checks
rules:
- alert: Watchdog
expr: vector(1)
labels:
severity: none
prometheus: "{{ .Values.domainName }}"
annotations:
summary: An alert that should always be firing to certify that Alertmanager is working properly.
- alert: scrape_job_down
expr: up == 0
for: 5m
labels:
severity: warning
annotations:
summary: Scrape job {{ "{{" }} $labels.job {{ "}}" }} down on {{ "{{" }} $labels.hostname {{ "}}" }}.
{{- if .Values.prometheus.mariadbMonitoring }}
- name: mysqld-checks
rules:
- alert: MysqlNodeIsDown
annotations:
summary: A mysql node is down on {{ "{{" }} $labels.hostname {{ "}}" }}.
expr: mysql_up == 0
for: 1m
labels:
severity: critical
- alert: WSREPNotConnected
annotations:
summary: A mysql node is down on {{ "{{" }} $labels.hostname {{ "}}" }}.
expr: mysql_global_status_wsrep_connected == 0
for: 1m
labels:
severity: critical
- alert: WSREPClusterSize
annotations:
summary: The mariadb cluster does not have all 4 paricipants.
expr: mysql_global_status_wsrep_cluster_size != 4
for: 1m
labels:
severity: critical
- alert: WSREPClusterStatus
annotations:
summary: Cluster status not ok.
expr: mysql_global_status_wsrep_cluster_status == 0
for: 1m
labels:
severity: critical
{{- end }}
{{- if .Values.imap.replica.enabled }}
- alert: IMAPReplicaOutOfSync
annotations:
summary: The IMAP replica is not in sync with the primary.
expr: abs(cyrus_usage_mailboxes{instance=~"imap:.*"} - ignoring (instance) cyrus_usage_mailboxes{instance=~"imap-replica:.*"}) == 0
for: 1m
labels:
severity: critical
{{- end }}
# TODO for imap murder ensure the folder count matches
+ {{- if .Values.prometheus.extraRules }}
+ {{ toYaml .Values.prometheus.extraRules | nindent 6 }}
+ {{ end }}
+
web.rules.yml: |
{{ .Files.Get "files/web.rules.yml" | indent 4}}
{{- if .Values.prometheus.clusterMonitoring }}
cluster.rules.yml: |
{{ .Files.Get "files/cluster.rules.yml" | indent 4}}
{{- end }}
{{- end }}
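Review bot: The new `extraRules` block at the end of `prometheus.rules.yml` is emitted with `nindent 6` and no type check, so it only parses if the value is a list of complete rule groups (`- name: …` with its own `rules:`). A list of bare alerts, which the key name suggests, would mis-nest under whichever group comes before it; the page has lost its indentation, so this is inferred from the `nindent 6` alone. Because the text lands in the same file as `Watchdog` and `scrape_job_down`, a malformed value can make Prometheus reject the rule file and take the built-in alerts down with it. I would guard the block with `{{- if kindIs "slice" .Values.prometheus.extraRules }}` and write the body as `{{- toYaml .Values.prometheus.extraRules | nindent 6 }}` and `{{- end }}`, which also matches the trim markers used elsewhere in this template and keeps whitespace-only lines out of the block scalar. Running `promtool check rules` on the rendered file in CI would catch what the type check cannot.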
diff --git a/helm/values.yaml b/helm/values.yaml
index 0a71bc3..eb70ddc 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -1,584 +1,585 @@
# Default values for kolab.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
domainName: "kolab.local"
# The admin user is always admin@domainName
adminPassword: null
# User for prometheus/loki
externalServiceUser: "admin"
# Generate with "openssl passwd -1 simple123"
externalServiceUserPassword: "$1$4JUJFGc/$rqEi/7HU4B3YdpDb7tERK."
# Arbitrary commands can be included like this that will be run before the horizon container starts.
# initCommands: [
# "./artisan user:password admin@kolab.local simple123",
# "./artisan user:create test1@kolab.local --password=simple123 || :",
# "./artisan user:create test2@kolab.local --password=simple123 || :",
# ]
serviceAccounts:
create: true
monitoring1:
user: test1@kolab.local
password: null
monitoring2:
user: test2@kolab.local
password: null
image:
imapImage: "quay.io/apheleiait/kolab/imap:4.0.16"
kolabImage: "quay.io/apheleiait/kolab/webapp:4.0.16"
collaboraImage: "quay.io/apheleiait/kolab/collabora:4.0.16"
redisImage: "quay.io/apheleiait/kolab/redis:4.0.16"
roundcubeImage: "quay.io/apheleiait/kolab/roundcube:4.0.16"
mariadbImage: "quay.io/apheleiait/kolab/mariadb:4.0.16"
meetImage: "quay.io/apheleiait/kolab/meet:4.0.16"
coturnImage: "quay.io/apheleiait/kolab/coturn:4.0.16"
postfixImage: "quay.io/apheleiait/kolab/postfix:4.0.16"
amavisImage: "quay.io/apheleiait/kolab/amavis:4.0.16"
utilsImage: "quay.io/apheleiait/kolab/utils:4.0.16"
minioImage: "quay.io/apheleiait/kolab/minio:4.0.16"
proxyImage: "quay.io/apheleiait/kolab/proxy:4.0.16"
vectorImage: "quay.io/apheleiait/kolab/vector:4.0.16"
synapseImage: "quay.io/apheleiait/kolab/synapse:4.0.16"
elementImage: "quay.io/apheleiait/kolab/element:4.0.16"
lokiImage: "docker.io/grafana/loki:3.1.0"
grafanaImage: "docker.io/grafana/grafana:latest"
prometheusImage: "quay.io/prometheus/prometheus:latest"
blackboxExporterImage: "quay.io/prometheus/blackbox-exporter:latest"
pushgatewayImage: "quay.io/prometheus/pushgateway:latest"
mysqldExporterImage: "quay.io/prometheus/mysqld-exporter:latest"
alertmanagerImage: "quay.io/prometheus/alertmanager:latest"
victorialogsImage: "quay.io/victoriametrics/victoria-logs:v1.30.0"
vmalertImage: "quay.io/victoriametrics/vmalert:v1.125.1"
nextcloudImage: "docker.io/library/nextcloud:latest"
pullPolicy: Always
pullSecret: null
# serviceAccount:
# # Specifies whether a service account should be created
# create: true
# # Annotations to add to the service account
# annotations: {}
# # The name of the service account to use.
# # If not set and create is true, a name is generated using the fullname template
# name: ""
# podAnnotations: {}
# podSecurityContext: {}
# fsGroup: 2000
# securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
appKey: "base64:FG6ECzyAMSmyX+eYwO/FW3bwnarbKkBhqtO65vlMb1E"
# Should match the kubernetes network, so local connections are trusted.
trustedProxies: "172.0.0.0/8"
ingress:
tlsSecretName: null
certManager:
letsencryptIssuer:
enabled: true
email: ""
# Configure which tls secret to use
tlsSecret:
type: letsencrypt
# This is how to inject an externally managed cert
# type: external
# secretName: externalSecret
# This is how to inject a static certificate
# type: static
# crt: |
# -----BEGIN CERTIFICATE-----
# MIIDUzCCAjugAwIBAgIUOd6enK80Ohcw5kX1xYot+ncVxEwwDQYJKoZIhvcNAQEL
# BQAwKzETMBEGA1UECgwKRXhhbXBsZSBDQTEUMBIGA1UEAwwLa29sYWIubG9jYWww
# HhcNMjMxMjI2MTA0MjUxWhcNMjQxMjI1MTA0MjUxWjArMRMwEQYDVQQKDApFeGFt
# cGxlIENBMRQwEgYDVQQDDAtrb2xhYi5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQAD
# ggEPADCCAQoCggEBAIr/sBVZxD8jIF9w6WbZ7ivu8P6Grh0yMmd/fOi7T8rloE87
# Zi7CtOVyH/axS6I0dtlKYBmqZz7EoXvKMRirf55Hux3IXIRnSW9H8xXhzDHenwGV
# eRyxavka++sWPe7tIhx2seJosfOGHRlWpdPwSvMO4tbVJjUtWrMGYdRwrsvcFVIY
# hvD/aCreepmvnbR+YKTY6e8qVeTeMXFhb9Gk86H5cwrltIsO6uo1fx1JazXhEe5b
# mqPhIKHNQcv8Mfb+JufhPmdq83ZoNygcrh+YG0K8Mz1t3+eLi5ij1QFR7c51Lnaf
# deqaJgDKbiNGtrZEenDUZ4OGnuaWZ818jfAQ+RUCAwEAAaNvMG0wHQYDVR0OBBYE
# FGNADX2V1X6/om7P38fmz3YHfbqgMB8GA1UdIwQYMBaAFGNADX2V1X6/om7P38fm
# z3YHfbqgMA8GA1UdEwEB/wQFMAMBAf8wGgYJYIZIAYb4QgENBA0WC1NlbGYgU2ln
# bmVkMA0GCSqGSIb3DQEBCwUAA4IBAQCHx0kaw1Zs9zwaU93BcQLLtwesIvnyWnzN
# QrzNzUB88iGnzMraPa5uvyaVkKm3omyNn+B0qy3e9jBSCgVFe9rg66VPIUgGyNuj
# La6LBYDlG5iRKHpY99BF4frS8e5pslp3H42waiGIyVYFWeyHSyHbFH/BIRkGhMa2
# 9Wtnvg5FS20/7NkG3QKui9QuzLaPpPN3yLRHpH6eIwkTV1UvvStRx9a6JQZ5crPW
# aileFbysEN+CdJJAHCwreYuJD+UbdDP+3Cp9qaTRyY2nNwoyQxUPySWW8UbsljP9
# V6Of5+sYQ+o6n2E6hQOVEGqVP5kf4GoYBmfJTcbGfIFQYqk85vaA
# -----END CERTIFICATE-----
# key: |
# -----BEGIN PRIVATE KEY-----
# MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCK/7AVWcQ/IyBf
# cOlm2e4r7vD+hq4dMjJnf3zou0/K5aBPO2YuwrTlch/2sUuiNHbZSmAZqmc+xKF7
# yjEYq3+eR7sdyFyEZ0lvR/MV4cwx3p8BlXkcsWr5GvvrFj3u7SIcdrHiaLHzhh0Z
# VqXT8ErzDuLW1SY1LVqzBmHUcK7L3BVSGIbw/2gq3nqZr520fmCk2OnvKlXk3jFx
# YW/RpPOh+XMK5bSLDurqNX8dSWs14RHuW5qj4SChzUHL/DH2/ibn4T5navN2aDco
# HK4fmBtCvDM9bd/ni4uYo9UBUe3OdS52n3XqmiYAym4jRra2RHpw1GeDhp7mlmfN
# fI3wEPkVAgMBAAECggEALA4BHas/X3F/K7DKUR5mdgc727gNDFTiE9qc2NixYBHq
# fuJJLy3oDsbeqZ4k5iqxtonzrn7LTWId+nGpoPOONbjvbe+YnyBrbnlD6t4PjYjN
# Jb/dzIHQ8VYjnS2GAKmpA5N9KtDbAd+yblr/oQ5KewHvVH7nJriSxCYUMLRsOlE1
# xhhGZpynTg/CmT6xVwSlBIVDCPIfQEKiCBtpUEUwSMhcjETVfAXeNAtluXII3YnG
# uhErY4P97ON98CrbcsiWM4GO+nC0pLi3j9oEvkFVGPLFX7aj5WawaJHWjqdUcrG8
# 2R62Ob8Inyg2R9hK3pwEEYH8pwB7cLjfAexxPzF7qwKBgQDEcyZjL6lmPNOosmU5
# ZO84uh/+ppQH1zObVH+Cv4Cj5/SX8i0QbjDopbMoZou0lHJUfBU8JcZYzhN4fGFt
# TEpHwHT7gcyDddoSlADB6SRcysFMuRhPOHAfdS99ItZtna+9/uS/TA6cJOlmBPIW
# 6/Znb2MexS8SkBxKKxZ3FjbuhwKBgQC1IjzKKb/HMcVspp0gLYsmZh/5/Yjf9ZkO
# poFxrlytXoBB/izx62qqn1ihCHGUpQkoVuKA60VjKuLcM9u5Ny2AzuX9ywUrApQE
# qcfmElo9eFIUn5VuBttpMJIpNugRE/XTOe7kMKGbd+dyil+Coz5e22IvQBGgGpmx
# 1XQ3oGRGgwKBgAJxaCXNnu6tjPhJF6cqESuEbQdurOKYE4U3/Mn0dbYUGV+WXGca
# 57LM9Lho5g3d1rokPONdmOTb0zQpX9DLJRVVWF8UUyXDXm3it0uyCYi54MOCfcHm
# csaBX5DP0RjV4CydsdyLJpdcgiaJozUTxCGvKe1lCFvTvPZTKNlcRlybAoGAfoA8
# yEvD/g/Ke4kZL0Hfbp/gMS1aDF9v14V93bESVJotJOmo5gOt6R+EPGKzQEbKUHvt
# kG+/c/Sdn4AwMfhRNSZKBadmIpWYXnFchFfI4ilH2dNh/weW8K3VRidsh5DTHAPX
# zVIRa4yf/aSZ85iilIjO14T9Sj2JnWMf2UGRBpUCgYBd17muOTXJ0BzD34K+vAeH
# 9c7S9PZZNuAfF/WWskIuBGhCNuIHFO7ot5IBAoTkudDTVieQXxBo/jTyidr87gUZ
# 7kI4YjFMYkH9rAolrUutVo1aKpEHcC2+1ciz8ztiyk9cUZ0s10X+h2Svsnp/HvS9
# R4X5reaQgGrUYaU6SccGoQ==
# -----END PRIVATE KEY-----
# ca: |
# CACERT GOES HERE
passport:
# PASSPORT_PROXY_OAUTH_CLIENT_ID=$(uuidgen);
proxyOauthClientId: "942edef5-3dbd-4a14-8e3e-d5d59b727bee"
# PASSPORT_PROXY_OAUTH_CLIENT_SECRET=$(openssl rand -base64 32);
proxyOauthClientSecret: "L6L0n56ecvjjK0cJMjeeV1pPAeffUBO0YSSH63wf"
webmailSSOClientId: "842edef5-3dbd-4a14-8e3e-d5d59b727bee"
webmailSSOClientSecret: "L7L0n56ecvjjK0cJMjeeV1pPAeffUBO0YSSH63wf"
# PASSPORT_PRIVATE_KEY=$(openssl genrsa 4096);
privateKey: "dummy"
# PASSPORT_PUBLIC_KEY=$(echo "$PASSPORT_PRIVATE_KEY" | openssl rsa -pubout 2>/dev/null)
publicKey: "dummy"
kolab:
enabled: true
debug: false
name: "Kolab"
theme: "default"
withWallet: false
withSignup: true
withFiles: true
withDistlists: true
withSharedFolders: true
withResources: true
withMeet: true
withCompanionApp: true
withDelegation: true
withLoginas: true
withMailfilter: true
withUserSearch: true
withGeolockin: false
tenantId: null
dbSecret: "mariadb"
replicas: 1
adminSecrets: false
davEnabled: true
kolabObjectCompatMode: false
webmailUrl: "/webmail/"
servicesService: kolab
adminService: kolab
resellerService: kolab
maxRequestLength: "10485760"
maxFileSize: "10485760"
phpMemoryLimit: "128M"
phpMaxFileSize: "8M"
resources:
limits:
memory: 2Gi
requests:
memory: 1Gi
# additionalFrontends:
# - domainName: beta.kolab.klab.cc
# name: "beta"
# tenantId: 4
# - domainName: demoreseller.kolab.klab.cc
# name: "demoreseller"
# tenantId: 5
# theme: "dummy"
# enableOverlay: false
# volumes:
# The volume will have to be populated with something like "oc rsync ~/src/kolab-theme-kolabnow/src/ kolab-demoreseller-68d7676c6f-82fk2:/src/overlay/"
# overlay:
# storageClassName: local-path
# capacity: 100Mi
horizon:
enabled: true
seed: true
runInitCommands: true
resources:
limits:
memory: 1Gi
requests:
memory: 1Gi
meet:
serverUrls: "http://meet/meetmedia/api/"
verifyTls: false
enabled: true
publicIp: 127.0.0.1
hostNetwork: false
webhookToken: "simple123"
serverToken: "simple123"
resources:
limits:
memory: 512Mi
coturn:
enabled: false
staticSecret: "simple123"
publicIp: "127.0.0.1"
resources:
limits:
memory: 512Mi
proxy:
tlsSecretName: null
enabled: true
webappBackend: http://kolab
meetBackend: http://meet
roundcubeBackend: http://roundcube
davBackend: http://imap
davPath: "/dav"
collaboraBackend: http://collabora
matrixBackend: http://matrix
sieveBackend: imap:4190
elementBackend: http://element
webmailPath: /webmail
collabora:
enabled: true
resources:
# 1Gb + 100 MB / user
limits:
memory: 10Gi
requests:
memory: 1Gi
imap:
enabled: true
replicas: 1
host: imap
port: 143
uri: "imap:143"
tls: false
tlsSecretName: null
adminLogin: "cyrus-admin"
adminPassword: "simple123"
expiryDelay: 28
enableLegacySyncServer: true
skipChown: false
maxloginsPerUser: 0
murder:
enabled: false
externalMaster: null
externalBackends: null
podAnnotations: {}
resources:
limits:
memory: 2Gi
requests:
memory: 1Gi
volumes:
spool:
name: imap-spool
storageClassName: local-path
capacity: 100Mi
lib:
name: imap-lib
storageClassName: local-path
capacity: 100Mi
replica:
enabled: false
roundcube:
enabled: true
desKey: "+nJY+jVpVurUts490MPF7ox8T58piLqC"
skin: "kolab"
forceSkin: false
# Comma separated list of disabled plugins
disabledPlugins: null
kolabObjectCompatMode: false
davEnabled: false
replicas: 1
resources:
limits:
memory: 1Gi
requests:
memory: 1Gi
mariadb:
enabled: true
host: "mariadb"
rootPassword: "VzNsY29tMzJAcGgzbGlh"
# Used by kolab to access the roundcube mfa db
mfaDsn: "mysql://roundcube:simple123@mariadb/roundcube"
kolabDatabase: "kolabdev"
kolabUser: "kolabdev"
kolabPassword: "simple123"
kolabLegacyPassword: "simple123"
roundcubeDatabase: "roundcube"
roundcubeUser: "roundcube"
roundcubePassword: "simple123"
volumes:
data:
name: mariadb-data
storageClassName: local-path
capacity: 100Mi
resources:
limits:
memory: 512Mi
redis:
enabled: true
host: redis
password: "VzNsY29tMzJAcGgzbGlh"
resources:
limits:
memory: 2Gi
postfix:
enabled: true
withProxyProtocol: false
# Used by roundcube for submission
submissionHost: postfix
submissionPort: 587
submissionEncryption: "starttls"
submissionUsername: "noreply@{{ .Values.domainName }}"
# Used by kolab4 - nginx proxy
externalSubmissionHost: external-smtp
externalSubmissionPort: 587
# Used by kolab4 for submission FIXME, this should just be the submissionHost
smtpHost: postfix
smtpPort: 587
smtpEncryption: "starttls"
tlsSecretName: null
messageSizeLimit: "10240000"
blockOutgoingEmails: false
holdIncomingEmails: false
volumes:
spool:
name: postfix-spool
storageClassName: local-path
capacity: 100Mi
lib:
name: postfix-lib
storageClassName: local-path
capacity: 100Mi
resources:
limits:
memory: 512Mi
amavis:
clamd:
# Disabled by default because you can easily run into rate-limits.
enabled: false
spam:
forwardSpamToInbox: false
detectLevel: 6.1
killLevel: 6.9
resources:
limits:
memory: 500Mi
volumes:
spool:
name: amavis-spool
storageClassName: local-path
capacity: 100Mi
spamassassinLib:
name: spamassassin-lib
storageClassName: local-path
capacity: 100Mi
clamavLib:
name: clamav-lib
storageClassName: local-path
capacity: 100Mi
dkim:
identifier: dkim1
# Generated via amavis genrsa, must match the public key in the DNS record
key: |
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
vector:
enabled: true
mail:
# Used for the noreply@domainName sender
noreplyPassword: "simple123"
minio:
enabled: true
rootUser: "admin"
rootPassword: "simple123"
bucketName: data
volumes:
data:
name: minio-data
storageClassName: local-path
capacity: 100Mi
alertmanager:
enabled: false
externalUrlScheme: http
externalUrl: null
volumes:
alertmanagerData:
name: alertmanager-data
storageClassName: local-path
capacity: 10Mi
openshift: false
openshiftRoutesEnabled: true
buildConfigSource:
ref: master
uri: https://git.kolab.org/source/kolab.git
prometheus:
hostPrefix: null
enabled: true
routeEnabled: true
clusterMonitoring: true
tlsSecretName: null
monitoringMailtransporttestExtraFlags: "--validate"
monitoringEndpointtesterExtraFlags: null
imapHost: proxy
submissionHost: proxy
submissionPort: 587
customDavDomain: null
# Should be approx. 80% of prometheusData capacity
retentionSize: 80MB
+ extraRules: null
# mariadbMonitoring:
# password: simple123
# targets:
# - mariadb:3306
# haproxyMonitoring:
# targets:
# - haproxy:8405
volumes:
prometheusData:
name: prometheus-data
storageClassName: local-path
capacity: 100Mi
pushgatewayData:
name: pushgateway-data
storageClassName: local-path
capacity: 100Mi
loki:
enabled: false
routeEnabled: false
victorialogs:
hostPrefix: null
enabled: true
routeEnabled: true
resources:
limits:
memory: 500Mi
requests:
memory: 20Mi
volumes:
data:
name: victorialogs-data
storageClassName: local-path
capacity: 100Mi
grafana:
enabled: false
matrix:
enabled: false
element:
customConfig: null
resources:
limits:
memory: 100Mi
requests:
memory: 20Mi
synapse:
enabled: false
resources:
limits:
memory: 500Mi
requests:
memory: 100Mi
volumes:
data:
name: synapse-data
storageClassName: local-path
capacity: 100Mi
metallb:
addressPool: false
defaultPool:
create: false
ldap:
enabled: false
host: null
resources:
limits:
memory: 500Mi
requests:
memory: 100Mi
volumes:
data:
name: dirsrv-data
storageClassName: local-path
capacity: 100Mi
resources:
limits:
memory: 512Mi
nextcloud:
enabled: false
oauthClientId: null
oauthClientSecret: null
resources:
limits:
memory: 1Gi
requests:
memory: 500Mi
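Review bot: `extraRules: null` is added under `prometheus:` with no comment describing the shape it expects, unlike the commented `mariadbMonitoring` and `haproxyMonitoring` examples just below it. The template appends it at group level with `nindent 6`, so I would add above it `# List of Prometheus rule groups (each with name: and rules:), appended to prometheus.rules.yml` and a short commented-out example group. It is also worth noting there that annotations can use `{{ $labels.job }}` directly, since the template passes the value through `toYaml` only and the `{{ "{{" }}` escaping used in the built-in rules would come out as literal text.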
