No OneTemporary
Actions

Authored By

Unknown

Size

27 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/helm/templates/postfix-deployment.yaml b/helm/templates/postfix-deployment.yaml
	index ea4469a..ef6259b 100644
	--- a/helm/templates/postfix-deployment.yaml
	+++ b/helm/templates/postfix-deployment.yaml
	@@ -1,296 +1,306 @@
	{{- if .Values.postfix.enabled -}}
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	annotations:
	alpha.image.policy.openshift.io/resolve-names: '*'
	labels:
	app: postfix
	app.kubernetes.io/name: postfix
	app.kubernetes.io/part-of: kolab-app
	name: postfix
	spec:
	replicas: 1
	revisionHistoryLimit: 10
	selector:
	matchLabels:
	app: postfix
	strategy:
	type: Recreate
	template:
	metadata:
	annotations:
	checksum/config: {{ include (print $.Template.BasePath "/kolab-configmap.yaml") . \| sha256sum }}
	checksum/secret: {{ include (print $.Template.BasePath "/kolab-secret.yaml") . \| sha256sum }}
	labels:
	app: postfix
	spec:
	# Allows to run as root
	{{- if .Values.openshift }}
	serviceAccountName: postfixserviceaccount
	{{- end }}
	volumes:
	- name: postfix-spool
	persistentVolumeClaim:
	claimName: postfix-spool
	- name: postfix-lib
	persistentVolumeClaim:
	claimName: postfix-lib
	- name: kolab-cert
	secret:
	{{- $secretName := include "kolab.tlsSecretName" . }}
	secretName: {{ default .Values.postfix.tlsSecretName $secretName }}
	- name: amavis-spool
	persistentVolumeClaim:
	claimName: amavis-spool
	- name: spamassassin-lib
	persistentVolumeClaim:
	claimName: spamassassin-lib
	- name: clamav-lib
	persistentVolumeClaim:
	claimName: clamav-lib
	- name: dkim-cert
	secret:
	secretName: dkim-cert
	- name: postfix-scripts
	configMap:
	name: postfix-scripts
	defaultMode: 0777
	{{- if .Values.image.pullSecret }}
	imagePullSecrets:
	- name: registry-pull-secret
	{{- end }}
	containers:
	- name: postfix
	image: {{ .Values.image.postfixImage }}
	imagePullPolicy: {{ .Values.image.pullPolicy }}
	resources:
	{{- toYaml .Values.postfix.resources \| nindent 10 }}
	securityContext:
	runAsNonRoot: false
	# Postfix insists on running as root
	runAsUser: 0
	startupProbe:
	exec:
	command:
	- /bin/sh
	- -c
	- test -e /run/saslauthd/mux && kill -0 $(cat /var/spool/postfix/pid/master.pid)
	periodSeconds: 2
	failureThreshold: 60
	# When we authentication requests time auth saslauthd ends up in a zombie/defunct state, which we detect via grep
	livenessProbe:
	exec:
	command:
	- /bin/sh
	- -c
	- test -e /run/saslauthd/mux && kill -0 $(cat /var/spool/postfix/pid/master.pid) && grep -vq "(saslauthd) Z" /proc/$(cat /var/run/saslauthd/saslauthd.pid)/stat
	periodSeconds: 10
	envFrom:
	- configMapRef:
	name: kolab-config
	- secretRef:
	name: kolab-config-secret
	env:
	- name: DB_HOST
	valueFrom:
	secretKeyRef:
	key: database-host
	name: mariadb
	- name: DB_USERNAME
	valueFrom:
	secretKeyRef:
	key: kolab-database-user
	name: mariadb
	- name: DB_PASSWORD
	valueFrom:
	secretKeyRef:
	key: kolab-database-password
	name: mariadb
	- name: DB_DATABASE
	valueFrom:
	secretKeyRef:
	key: kolab-database-name
	name: mariadb
	- name: SSL_CERTIFICATE
	value: /etc/certs/tls.crt
	- name: SSL_CERTIFICATE_KEY
	value: /etc/certs/tls.key
	- name: LMTP_DESTINATION
	value: imap:11024
	- name: AMAVIS_HOST
	value: "127.0.0.1"
	- name: MESSAGE_SIZE_LIMIT
	value: "{{ .Values.postfix.messageSizeLimit }}"
	- name: MYNETWORKS
	{{- if .Values.postfix.mynetworks }}
	value: "{{ .Values.postfix.mynetworks }}"
	{{- else }}
	value: "127.0.0.0/8"
	{{- end }}
	- name: WITH_CONTENTFILTER
	value: '{{ .Values.kolab.withMailfilter }}'
	- name: WITH_PROXY_PROTOCOL
	value: '{{ .Values.postfix.withProxyProtocol }}'
	{{- if .Values.postfix.blockOutgoingEmails }}
	- name: BLOCK_OUTGOING_EMAILS
	value: "true"
	{{- end }}
	{{- if .Values.postfix.holdIncomingEmails }}
	- name: HOLD_INCOMING_EMAILS
	value: "true"
	{{- end }}
	ports:
	# SMTP
	- containerPort: 10025
	protocol: TCP
	# Internal submission
	- containerPort: 10587
	protocol: TCP
	# External
	- containerPort: 11465
	protocol: TCP
	- containerPort: 11587
	protocol: TCP
	terminationMessagePath: /dev/termination-log
	terminationMessagePolicy: File
	volumeMounts:
	- mountPath: /var/spool/postfix
	name: postfix-spool
	- mountPath: /var/lib/postfix
	name: postfix-lib
	- name: kolab-cert
	readOnly: true
	mountPath: /etc/certs
	- name: amavis
	image: {{ .Values.image.amavisImage }}
	imagePullPolicy: {{ .Values.image.pullPolicy }}
	resources:
	{{- toYaml .Values.amavis.resources \| nindent 10 }}
	securityContext:
	runAsNonRoot: false
	# Amavis insists on running as root
	runAsUser: 0
	startupProbe:
	exec:
	command:
	- /bin/sh
	- -c
	- test -e /var/run/amavisd/amavisd.pid
	periodSeconds: 5
	failureThreshold: 60
	livenessProbe:
	exec:
	command:
	- /bin/sh
	- -c
	# - test -e /var/run/amavisd/amavisd.pid && kill -0 $(cat /var/run/amavisd/amavisd.pid) && kill -0 $(cat /var/run/amavisd/clamd.pid)
	- test -e /var/run/amavisd/amavisd.pid && kill -0 $(cat /var/run/amavisd/amavisd.pid)
	periodSeconds: 10
	envFrom:
	- configMapRef:
	name: kolab-config
	env:
	# Perl can't deal with a searchlist like we have on openshift in /etc/resolv.conf
	# We can override it like this and make dns requests by sa-update work
	- name: RES_SEARCHLIST
	value: ""
	- name: POSTFIX_HOST
	value: "127.0.0.1"
	- name: DKIM_IDENTIFIER
	value: {{ .Values.amavis.dkim.identifier }}
	- name: CLAMD
	value: "{{ .Values.amavis.clamd.enabled }}"
	+ - name: SPAM_DETECT_LEVEL
	+ value: "{{ .Values.amavis.spam.detectLevel }}"
	+ - name: SPAM_KILL_LEVEL
	+ value: "{{ .Values.amavis.spam.killLevel }}"
	+ - name: SPAM_KILL_ACTION
	+{{- if .Values.amavis.spam.forwardToInbox }}
	+ value: "D_PASS"
	+{{- else }}
	+ value: "D_DISCARD"
	+{{- end }}
	- name: DB_HOST
	valueFrom:
	secretKeyRef:
	key: database-host
	name: mariadb
	- name: DB_USERNAME
	valueFrom:
	secretKeyRef:
	key: kolab-database-user
	name: mariadb
	- name: DB_PASSWORD
	valueFrom:
	secretKeyRef:
	key: kolab-database-password
	name: mariadb
	- name: DB_DATABASE
	valueFrom:
	secretKeyRef:
	key: kolab-database-name
	name: mariadb
	- name: REDIS_HOST
	value: "{{ .Values.redis.host }}"
	- name: REDIS_PASSWORD
	valueFrom:
	secretKeyRef:
	key: database-password
	name: redis
	ports:
	- containerPort: 13025
	protocol: TCP
	terminationMessagePath: /dev/termination-log
	terminationMessagePolicy: File
	volumeMounts:
	- mountPath: /var/spool/amavisd
	name: amavis-spool
	- mountPath: /var/lib/spamassassin
	name: spamassassin-lib
	- mountPath: /var/lib/clamav
	name: clamav-lib
	- name: dkim-cert
	mountPath: /var/dkim
	- name: metricsexporter
	image: {{ .Values.image.postfixImage }}
	imagePullPolicy: {{ .Values.image.pullPolicy }}
	command: ['sh', '-c', 'while true; do /postfix-scripts/collectmetrics.sh; sleep 20; done']
	volumeMounts:
	- mountPath: /var/spool/postfix
	name: postfix-spool
	- mountPath: /postfix-scripts
	name: postfix-scripts
	dnsPolicy: ClusterFirst
	restartPolicy: Always
	schedulerName: default-scheduler
	terminationGracePeriodSeconds: 30
	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: postfix-scripts
	data:
	collectmetrics.sh: \|
	#!/bin/bash

	HOST="postfix-metrics"

	EPOCH=$(date +"%s")
	METRICS=$(
	cat <<EOF
	kolab_mx_metrics_timestamp $EPOCH
	# HELP kolab_mx_queue_length Queue length
	# TYPE kolab_mx_queue_length gauge
	EOF
	)

	queues="active bounce corrupt deferred flush hold incoming maildrop"

	spool_dir=/var/spool/postfix
	for queue in ${queues}; do
	test -d ${spool_dir}/${queue} \|\| continue
	COUNT=$(find "${spool_dir}/${queue}" -type f -print \| wc -l)

	# TODO once we have more than one instance, we should seaprate accordingly
	METRICS+=$(
	cat <<EOF

	kolab_mx_queue_length{host="$HOST", queue="$queue", instance="postfix"} $COUNT
	EOF
	)
	done

	echo "$METRICS"
	echo "$METRICS" \| curl -k --data-binary @- http://pushgateway:9091/metrics/job/postfixmetrics/host/$HOST
	{{- end }}
	diff --git a/helm/values.yaml b/helm/values.yaml
	index 82393a9..42581ee 100644
	--- a/helm/values.yaml
	+++ b/helm/values.yaml
	@@ -1,577 +1,581 @@
	# Default values for kolab.
	# This is a YAML-formatted file.
	# Declare variables to be passed into your templates.

	domainName: "kolab.local"

	# The admin user is always admin@domainName
	adminPassword: null

	# User for prometheus/loki
	externalServiceUser: "admin"
	# Generate with "openssl passwd -1 simple123"
	externalServiceUserPassword: "$1$4JUJFGc/$rqEi/7HU4B3YdpDb7tERK."

	# Arbitrary commands can be included like this that will be run before the horizon container starts.
	# initCommands: [
	# "./artisan user:password admin@kolab.local simple123",
	# "./artisan user:create test1@kolab.local --password=simple123 \|\| :",
	# "./artisan user:create test2@kolab.local --password=simple123 \|\| :",
	# ]

	serviceAccounts:
	create: true
	monitoring1:
	user: test1@kolab.local
	password: null
	monitoring2:
	user: test2@kolab.local
	password: null

	image:
	imapImage: "quay.io/apheleiait/kolab/imap:4.0.16"
	kolabImage: "quay.io/apheleiait/kolab/webapp:4.0.16"
	collaboraImage: "quay.io/apheleiait/kolab/collabora:4.0.16"
	redisImage: "quay.io/apheleiait/kolab/redis:4.0.16"
	roundcubeImage: "quay.io/apheleiait/kolab/roundcube:4.0.16"
	mariadbImage: "quay.io/apheleiait/kolab/mariadb:4.0.16"
	meetImage: "quay.io/apheleiait/kolab/meet:4.0.16"
	coturnImage: "quay.io/apheleiait/kolab/coturn:4.0.16"
	postfixImage: "quay.io/apheleiait/kolab/postfix:4.0.16"
	amavisImage: "quay.io/apheleiait/kolab/amavis:4.0.16"
	utilsImage: "quay.io/apheleiait/kolab/utils:4.0.16"
	minioImage: "quay.io/apheleiait/kolab/minio:4.0.16"
	proxyImage: "quay.io/apheleiait/kolab/proxy:4.0.16"
	vectorImage: "quay.io/apheleiait/kolab/vector:4.0.16"
	synapseImage: "quay.io/apheleiait/kolab/synapse:4.0.16"
	elementImage: "quay.io/apheleiait/kolab/element:4.0.16"
	lokiImage: "docker.io/grafana/loki:3.1.0"
	grafanaImage: "docker.io/grafana/grafana:latest"
	prometheusImage: "quay.io/prometheus/prometheus:latest"
	blackboxExporterImage: "quay.io/prometheus/blackbox-exporter:latest"
	pushgatewayImage: "quay.io/prometheus/pushgateway:latest"
	mysqldExporterImage: "quay.io/prometheus/mysqld-exporter:latest"
	alertmanagerImage: "quay.io/prometheus/alertmanager:latest"
	victorialogsImage: "quay.io/victoriametrics/victoria-logs:v1.30.0"
	vmalertImage: "quay.io/victoriametrics/vmalert:v1.125.1"
	nextcloudImage: "docker.io/library/nextcloud:latest"
	pullPolicy: Always
	pullSecret: null

	# serviceAccount:
	# # Specifies whether a service account should be created
	# create: true
	# # Annotations to add to the service account
	# annotations: {}
	# # The name of the service account to use.
	# # If not set and create is true, a name is generated using the fullname template
	# name: ""

	# podAnnotations: {}

	# podSecurityContext: {}
	# fsGroup: 2000

	# securityContext: {}
	# capabilities:
	# drop:
	# - ALL
	# readOnlyRootFilesystem: true
	# runAsNonRoot: true
	# runAsUser: 1000

	appKey: "base64:FG6ECzyAMSmyX+eYwO/FW3bwnarbKkBhqtO65vlMb1E"

	# Should match the kubernetes network, so local connections are trusted.
	trustedProxies: "172.0.0.0/8"

	ingress:
	tlsSecretName: null

	certManager:
	letsencryptIssuer:
	enabled: true
	email: ""

	# Configure which tls secret to use
	tlsSecret:
	type: letsencrypt
	# This is how to inject an externally managed cert
	# type: external
	# secretName: externalSecret
	# This is how to inject a static certificate
	# type: static
	# crt: \|
	# -----BEGIN CERTIFICATE-----
	# MIIDUzCCAjugAwIBAgIUOd6enK80Ohcw5kX1xYot+ncVxEwwDQYJKoZIhvcNAQEL
	# BQAwKzETMBEGA1UECgwKRXhhbXBsZSBDQTEUMBIGA1UEAwwLa29sYWIubG9jYWww
	# HhcNMjMxMjI2MTA0MjUxWhcNMjQxMjI1MTA0MjUxWjArMRMwEQYDVQQKDApFeGFt
	# cGxlIENBMRQwEgYDVQQDDAtrb2xhYi5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQAD
	# ggEPADCCAQoCggEBAIr/sBVZxD8jIF9w6WbZ7ivu8P6Grh0yMmd/fOi7T8rloE87
	# Zi7CtOVyH/axS6I0dtlKYBmqZz7EoXvKMRirf55Hux3IXIRnSW9H8xXhzDHenwGV
	# eRyxavka++sWPe7tIhx2seJosfOGHRlWpdPwSvMO4tbVJjUtWrMGYdRwrsvcFVIY
	# hvD/aCreepmvnbR+YKTY6e8qVeTeMXFhb9Gk86H5cwrltIsO6uo1fx1JazXhEe5b
	# mqPhIKHNQcv8Mfb+JufhPmdq83ZoNygcrh+YG0K8Mz1t3+eLi5ij1QFR7c51Lnaf
	# deqaJgDKbiNGtrZEenDUZ4OGnuaWZ818jfAQ+RUCAwEAAaNvMG0wHQYDVR0OBBYE
	# FGNADX2V1X6/om7P38fmz3YHfbqgMB8GA1UdIwQYMBaAFGNADX2V1X6/om7P38fm
	# z3YHfbqgMA8GA1UdEwEB/wQFMAMBAf8wGgYJYIZIAYb4QgENBA0WC1NlbGYgU2ln
	# bmVkMA0GCSqGSIb3DQEBCwUAA4IBAQCHx0kaw1Zs9zwaU93BcQLLtwesIvnyWnzN
	# QrzNzUB88iGnzMraPa5uvyaVkKm3omyNn+B0qy3e9jBSCgVFe9rg66VPIUgGyNuj
	# La6LBYDlG5iRKHpY99BF4frS8e5pslp3H42waiGIyVYFWeyHSyHbFH/BIRkGhMa2
	# 9Wtnvg5FS20/7NkG3QKui9QuzLaPpPN3yLRHpH6eIwkTV1UvvStRx9a6JQZ5crPW
	# aileFbysEN+CdJJAHCwreYuJD+UbdDP+3Cp9qaTRyY2nNwoyQxUPySWW8UbsljP9
	# V6Of5+sYQ+o6n2E6hQOVEGqVP5kf4GoYBmfJTcbGfIFQYqk85vaA
	# -----END CERTIFICATE-----
	# key: \|
	# -----BEGIN PRIVATE KEY-----
	# MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCK/7AVWcQ/IyBf
	# cOlm2e4r7vD+hq4dMjJnf3zou0/K5aBPO2YuwrTlch/2sUuiNHbZSmAZqmc+xKF7
	# yjEYq3+eR7sdyFyEZ0lvR/MV4cwx3p8BlXkcsWr5GvvrFj3u7SIcdrHiaLHzhh0Z
	# VqXT8ErzDuLW1SY1LVqzBmHUcK7L3BVSGIbw/2gq3nqZr520fmCk2OnvKlXk3jFx
	# YW/RpPOh+XMK5bSLDurqNX8dSWs14RHuW5qj4SChzUHL/DH2/ibn4T5navN2aDco
	# HK4fmBtCvDM9bd/ni4uYo9UBUe3OdS52n3XqmiYAym4jRra2RHpw1GeDhp7mlmfN
	# fI3wEPkVAgMBAAECggEALA4BHas/X3F/K7DKUR5mdgc727gNDFTiE9qc2NixYBHq
	# fuJJLy3oDsbeqZ4k5iqxtonzrn7LTWId+nGpoPOONbjvbe+YnyBrbnlD6t4PjYjN
	# Jb/dzIHQ8VYjnS2GAKmpA5N9KtDbAd+yblr/oQ5KewHvVH7nJriSxCYUMLRsOlE1
	# xhhGZpynTg/CmT6xVwSlBIVDCPIfQEKiCBtpUEUwSMhcjETVfAXeNAtluXII3YnG
	# uhErY4P97ON98CrbcsiWM4GO+nC0pLi3j9oEvkFVGPLFX7aj5WawaJHWjqdUcrG8
	# 2R62Ob8Inyg2R9hK3pwEEYH8pwB7cLjfAexxPzF7qwKBgQDEcyZjL6lmPNOosmU5
	# ZO84uh/+ppQH1zObVH+Cv4Cj5/SX8i0QbjDopbMoZou0lHJUfBU8JcZYzhN4fGFt
	# TEpHwHT7gcyDddoSlADB6SRcysFMuRhPOHAfdS99ItZtna+9/uS/TA6cJOlmBPIW
	# 6/Znb2MexS8SkBxKKxZ3FjbuhwKBgQC1IjzKKb/HMcVspp0gLYsmZh/5/Yjf9ZkO
	# poFxrlytXoBB/izx62qqn1ihCHGUpQkoVuKA60VjKuLcM9u5Ny2AzuX9ywUrApQE
	# qcfmElo9eFIUn5VuBttpMJIpNugRE/XTOe7kMKGbd+dyil+Coz5e22IvQBGgGpmx
	# 1XQ3oGRGgwKBgAJxaCXNnu6tjPhJF6cqESuEbQdurOKYE4U3/Mn0dbYUGV+WXGca
	# 57LM9Lho5g3d1rokPONdmOTb0zQpX9DLJRVVWF8UUyXDXm3it0uyCYi54MOCfcHm
	# csaBX5DP0RjV4CydsdyLJpdcgiaJozUTxCGvKe1lCFvTvPZTKNlcRlybAoGAfoA8
	# yEvD/g/Ke4kZL0Hfbp/gMS1aDF9v14V93bESVJotJOmo5gOt6R+EPGKzQEbKUHvt
	# kG+/c/Sdn4AwMfhRNSZKBadmIpWYXnFchFfI4ilH2dNh/weW8K3VRidsh5DTHAPX
	# zVIRa4yf/aSZ85iilIjO14T9Sj2JnWMf2UGRBpUCgYBd17muOTXJ0BzD34K+vAeH
	# 9c7S9PZZNuAfF/WWskIuBGhCNuIHFO7ot5IBAoTkudDTVieQXxBo/jTyidr87gUZ
	# 7kI4YjFMYkH9rAolrUutVo1aKpEHcC2+1ciz8ztiyk9cUZ0s10X+h2Svsnp/HvS9
	# R4X5reaQgGrUYaU6SccGoQ==
	# -----END PRIVATE KEY-----
	# ca: \|
	# CACERT GOES HERE

	passport:
	# PASSPORT_PROXY_OAUTH_CLIENT_ID=$(uuidgen);
	proxyOauthClientId: "942edef5-3dbd-4a14-8e3e-d5d59b727bee"
	# PASSPORT_PROXY_OAUTH_CLIENT_SECRET=$(openssl rand -base64 32);
	proxyOauthClientSecret: "L6L0n56ecvjjK0cJMjeeV1pPAeffUBO0YSSH63wf"
	webmailSSOClientId: "842edef5-3dbd-4a14-8e3e-d5d59b727bee"
	webmailSSOClientSecret: "L7L0n56ecvjjK0cJMjeeV1pPAeffUBO0YSSH63wf"
	# PASSPORT_PRIVATE_KEY=$(openssl genrsa 4096);
	privateKey: "dummy"
	# PASSPORT_PUBLIC_KEY=$(echo "$PASSPORT_PRIVATE_KEY" \| openssl rsa -pubout 2>/dev/null)
	publicKey: "dummy"

	kolab:
	enabled: true
	debug: false
	name: "Kolab"
	theme: "default"
	withWallet: false
	withSignup: true
	withFiles: true
	withDistlists: true
	withSharedFolders: true
	withResources: true
	withMeet: true
	withCompanionApp: true
	withDelegation: true
	withLoginas: true
	withMailfilter: true
	withUserSearch: true
	tenantId: null
	dbSecret: "mariadb"
	replicas: 1
	adminSecrets: false
	davEnabled: true
	kolabObjectCompatMode: false
	webmailUrl: "/webmail/"
	servicesService: kolab
	adminService: kolab
	resellerService: kolab
	maxRequestLength: "10485760"
	maxFileSize: "10485760"
	phpMemoryLimit: "128M"
	phpMaxFileSize: "8M"
	resources:
	limits:
	memory: 2Gi
	requests:
	memory: 1Gi
	# additionalFrontends:
	# - domainName: beta.kolab.klab.cc
	# name: "beta"
	# tenantId: 4
	# - domainName: demoreseller.kolab.klab.cc
	# name: "demoreseller"
	# tenantId: 5
	# theme: "dummy"
	# enableOverlay: false
	# volumes:
	# The volume will have to be populated with something like "oc rsync ~/src/kolab-theme-kolabnow/src/ kolab-demoreseller-68d7676c6f-82fk2:/src/overlay/"
	# overlay:
	# storageClassName: local-path
	# capacity: 100Mi

	horizon:
	enabled: true
	seed: true
	runInitCommands: true
	resources:
	limits:
	memory: 1Gi
	requests:
	memory: 1Gi

	meet:
	serverUrls: "http://meet/meetmedia/api/"
	verifyTls: false
	enabled: true
	publicIp: 127.0.0.1
	hostNetwork: false
	webhookToken: "simple123"
	serverToken: "simple123"
	resources:
	limits:
	memory: 512Mi

	coturn:
	enabled: false
	staticSecret: "simple123"
	publicIp: "127.0.0.1"
	resources:
	limits:
	memory: 512Mi

	proxy:
	tlsSecretName: null
	enabled: true
	webappBackend: http://kolab
	meetBackend: http://meet
	roundcubeBackend: http://roundcube
	davBackend: http://imap
	davPath: "/dav"
	collaboraBackend: http://collabora
	matrixBackend: http://matrix
	sieveBackend: imap:4190
	elementBackend: http://element
	webmailPath: /webmail

	collabora:
	enabled: true
	resources:
	# 1Gb + 100 MB / user
	limits:
	memory: 10Gi
	requests:
	memory: 1Gi

	imap:
	enabled: true
	replicas: 1
	host: imap
	port: 143
	uri: "imap:143"
	tls: false
	tlsSecretName: null
	adminLogin: "cyrus-admin"
	adminPassword: "simple123"
	expiryDelay: 28
	enableLegacySyncServer: true
	skipChown: false
	murder:
	enabled: false
	externalMaster: null
	externalBackends: null
	podAnnotations: {}
	resources:
	limits:
	memory: 2Gi
	requests:
	memory: 1Gi
	volumes:
	spool:
	name: imap-spool
	storageClassName: local-path
	capacity: 100Mi
	lib:
	name: imap-lib
	storageClassName: local-path
	capacity: 100Mi
	replica:
	enabled: false

	roundcube:
	enabled: true
	desKey: "+nJY+jVpVurUts490MPF7ox8T58piLqC"
	skin: "kolab"
	forceSkin: false
	# Comma separated list of disabled plugins
	disabledPlugins: null
	kolabObjectCompatMode: false
	davEnabled: false
	replicas: 1
	resources:
	limits:
	memory: 1Gi
	requests:
	memory: 1Gi

	mariadb:
	enabled: true
	host: "mariadb"
	rootPassword: "VzNsY29tMzJAcGgzbGlh"
	# Used by kolab to access the roundcube mfa db
	mfaDsn: "mysql://roundcube:simple123@mariadb/roundcube"
	kolabDatabase: "kolabdev"
	kolabUser: "kolabdev"
	kolabPassword: "simple123"
	kolabLegacyPassword: "simple123"
	roundcubeDatabase: "roundcube"
	roundcubeUser: "roundcube"
	roundcubePassword: "simple123"
	volumes:
	data:
	name: mariadb-data
	storageClassName: local-path
	capacity: 100Mi
	resources:
	limits:
	memory: 512Mi

	redis:
	enabled: true
	host: redis
	password: "VzNsY29tMzJAcGgzbGlh"
	resources:
	limits:
	memory: 2Gi

	postfix:
	enabled: true
	withProxyProtocol: false
	# Used by roundcube for submission
	submissionHost: postfix
	submissionPort: 587
	submissionEncryption: "starttls"
	submissionUsername: "noreply@{{ .Values.domainName }}"
	# Used by kolab4 - nginx proxy
	externalSubmissionHost: external-smtp
	externalSubmissionPort: 587
	# Used by kolab4 for submission FIXME, this should just be the submissionHost
	smtpHost: postfix
	smtpPort: 587
	smtpEncryption: "starttls"
	tlsSecretName: null
	messageSizeLimit: "10240000"
	blockOutgoingEmails: false
	holdIncomingEmails: false
	volumes:
	spool:
	name: postfix-spool
	storageClassName: local-path
	capacity: 100Mi
	lib:
	name: postfix-lib
	storageClassName: local-path
	capacity: 100Mi
	resources:
	limits:
	memory: 512Mi

	amavis:
	clamd:
	# Disabled by default because you can easily run into rate-limits.
	enabled: false
	+ spam:
	+ forwardSpamToInbox: false
	+ detectLevel: 6.1
	+ killLevel: 6.9
	resources:
	limits:
	memory: 500Mi
	volumes:
	spool:
	name: amavis-spool
	storageClassName: local-path
	capacity: 100Mi
	spamassassinLib:
	name: spamassassin-lib
	storageClassName: local-path
	capacity: 100Mi
	clamavLib:
	name: clamav-lib
	storageClassName: local-path
	capacity: 100Mi
	dkim:
	identifier: dkim1
	# Generated via amavis genrsa, must match the public key in the DNS record
	key: \|
	-----BEGIN RSA PRIVATE KEY-----
	MIIEpQIBAAKCAQEA7JdTEn/T2MhB6KLbATJj4SGernbem4d7dAW7/kVRbiMB2EtP
	pQCR98eeXOOHcufXVc3w4BocXEnD47JPpkFYJBXWF32m4Y2SapBYbsXndN9fyXRr
	HO9wPJlW5QK5i9D/bRUznfaBJm54y+BuX0Ln/ippqFe6z3LPjmro9Y9WpRzevYG/
	TT69Iug5v4U/PA1/rEv+zZGQvNxInZYF7O2MFDbD2pYi7l4hWADP+iwOEc+Li5vP
	lEvOaUlSQCb06sc0/QBHDDyU2WaEJiYy/Mk2xCmSI44f3mQghmiNsu7vlPiztAYK
	jNyiVk8iWDttL9OV9qQyxHL18Q74UzJR6AylrwIDAQABAoIBAQCv3AOJuq5zctda
	3sK/bv9C9sSGliD9poUjRqfoZwoSPb8/USuQUI4viZezIAUsahxr0Tp8uavfBY2w
	EHiX8fZcTEbpCyMigSMWRtkU7dIP04HVss1zop7gzHIEpDPbM6zJHntRrUtuj6sG
	kHo6IPdku43x7dQUIxkYmWs0LCmRbChOpYAp4XR0Zs+PGEYdBh4oXnxatQnfxvVS
	nEI9pzAxxWYUjlYNr9x3JkaTTEZJgPCARZ6DxdShnd96ShWgo4ncdBD6WcnBccHW
	3caafPLuW9iiRmrtiZ70uHIj5fF2qkTpQEJGbM9WSlZPgr/jMX14qf08LrmTCOd7
	noOXGXNhAoGBAPq92gfUIreY6gah68vt9gqhWBUY76m/QBOmhTk4uNLfYE0LfY33
	6mUD08KFbeAtJDxojDjmzbXZzRdlOXFpcHUo7Sc71aGNL8WwNOXHTuhHZHa4nYJb
	Nh4urkWPxlwhP2G+N+BZfZMIzxIU95TzqWA092EziTKUOKvgngUySEvpAoGBAPGN
	gOXWXp0BDBrjyyMKl9WpYc4ZZeq1AB9uhIY7j5i2xL6Vj3Cg3fETJ7xcT/sOU16E
	iHQEkZyKoyo3a8Of+xi+7aW+tZEqtaDe8VivTifgRxKT8hdGV9O/pXoyOtimGe7s
	hMCxxfe2N2Gnz82mw41ZShMbiLZKAAWa8F/PL53XAoGBAJBv/MC1uqn4NBdN/v6i
	PTEycAL3MleeC9NGAUhNHGqcsmSvUcwOG7/EzJ8pLXoNhuolb2D301gF9tabQNPL
	4TQcN0B6fz1ojzRZpJ8YiKPVPFIHVvRYhnwsd8cqYyF/JXuwj490/ZlNYbsQyO3M
	zqzU1gvwHAA+0cZwxZZIuMzBAoGADyjTSxleDLpxGQrsx8E1cDpWIgokBEvhuxdD
	h+0bAPmPdWqLewUNiMCsAL1GY7otb0QgEC/tN4bX4KFjyP40UwRAg+NpH7gvd+4l
	9WvjGsuPilHwopdOkcJ4Tyfx24DpJb6AQlul0fsElMNkXkK2CRvucy6KMO6J+9AS
	f+DP2zcCgYEAlSiJHMfwHpkYUo66A5SXgDd/V9M2VZvmlImob4PZ82WGkBDpjprn
	s+5fQ70ms5ff8Ld08ho2Lu/NcK6ErkJfGgykK2r8ErIsmr5t1WpuU1P+U9xA9rIR
	DR8gVdvWucyKnoNTdlG23BkUpoE3a1wR5aiEboTd8XP31tmhQ50GDVg=
	-----END RSA PRIVATE KEY-----

	vector:
	enabled: true
	mail:
	# Used for the noreply@domainName sender
	noreplyPassword: "simple123"

	minio:
	enabled: true
	rootUser: "admin"
	rootPassword: "simple123"
	bucketName: data
	volumes:
	data:
	name: minio-data
	storageClassName: local-path
	capacity: 100Mi

	alertmanager:
	enabled: false
	externalUrlScheme: http
	externalUrl: null
	volumes:
	alertmanagerData:
	name: alertmanager-data
	storageClassName: local-path
	capacity: 10Mi

	openshift: false
	openshiftRoutesEnabled: true
	buildConfigSource:
	ref: master
	uri: https://git.kolab.org/source/kolab.git

	prometheus:
	hostPrefix: null
	enabled: true
	routeEnabled: true
	clusterMonitoring: true
	tlsSecretName: null
	monitoringMailtransporttestExtraFlags: "--validate"
	monitoringEndpointtesterExtraFlags: null
	imapHost: proxy
	submissionHost: proxy
	submissionPort: 587
	customDavDomain: null
	# Should be approx. 80% of prometheusData capacity
	retentionSize: 80MB
	# mariadbMonitoring:
	# password: simple123
	# targets:
	# - mariadb:3306
	# haproxyMonitoring:
	# targets:
	# - haproxy:8405
	volumes:
	prometheusData:
	name: prometheus-data
	storageClassName: local-path
	capacity: 100Mi
	pushgatewayData:
	name: pushgateway-data
	storageClassName: local-path
	capacity: 100Mi

	loki:
	enabled: false
	routeEnabled: false

	victorialogs:
	enabled: true
	routeEnabled: true
	resources:
	limits:
	memory: 500Mi
	requests:
	memory: 20Mi
	volumes:
	data:
	name: victorialogs-data
	storageClassName: local-path
	capacity: 100Mi

	grafana:
	enabled: false

	matrix:
	enabled: false

	element:
	customConfig: null
	resources:
	limits:
	memory: 100Mi
	requests:
	memory: 20Mi

	synapse:
	enabled: false
	resources:
	limits:
	memory: 500Mi
	requests:
	memory: 100Mi
	volumes:
	data:
	name: synapse-data
	storageClassName: local-path
	capacity: 100Mi

	metallb:
	addressPool: false
	defaultPool:
	create: false

	ldap:
	enabled: false
	host: null
	resources:
	limits:
	memory: 500Mi
	requests:
	memory: 100Mi
	volumes:
	data:
	name: dirsrv-data
	storageClassName: local-path
	capacity: 100Mi
	resources:
	limits:
	memory: 512Mi

	nextcloud:
	enabled: false
	oauthClientId: null
	oauthClientSecret: null
	resources:
	limits:
	memory: 1Gi
	requests:
	memory: 500Mi

File Metadata

Mime Type: text/x-diff
Expires: Sat, Apr 4, 8:36 AM (2 w, 4 d ago)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 18823278
Default Alt Text: (27 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions