Page MenuHomePhorge
Files F117877776

No OneTemporary
Actions

Authored By
Unknown
Size
17 KB
Referenced Files
None
Subscribers
None

View Options

diff --git a/kolab/templates/imap-frontend-deployment.yaml b/kolab/templates/imap-frontend-deployment.yaml
index 5db75e9..93105f8 100644
--- a/kolab/templates/imap-frontend-deployment.yaml
+++ b/kolab/templates/imap-frontend-deployment.yaml
@@ -1,110 +1,113 @@
{{- if and .Values.imap.enabled .Values.imap.murder.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
alpha.image.policy.openshift.io/resolve-names: '*'
image.openshift.io/triggers: '[{"from":{"kind":"ImageStreamTag","name":"imap:latest"},"fieldPath":"spec.template.spec.containers[?(@.name==\"imap\")].image"}]'
+ {{- range $key, $value := .Values.imap.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
labels:
app: imap
app.kubernetes.io/name: imap
app.kubernetes.io/part-of: kolab-app
name: imap
spec:
replicas: {{ .Values.imap.replicas }}
revisionHistoryLimit: 10
selector:
matchLabels:
app: imap
strategy:
type: Recreate
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/kolab-configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/kolab-secret.yaml") . | sha256sum }}
labels:
app: imap
spec:
volumes:
- name: imap-lib
emptyDir: {}
- name: kolab-cert
secret:
{{- $secretName := include "kolab.tlsSecretName" . }}
secretName: {{ default .Values.imap.tlsSecretName $secretName }}
{{- if .Values.image.pullSecret }}
imagePullSecrets:
- name: registry-pull-secret
{{- end }}
containers:
- name: imap
image: {{ .Values.image.imapImage }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- toYaml .Values.imap.resources | nindent 10 }}
startupProbe:
exec:
command:
- /bin/sh
- -c
- test -e /run/saslauthd/mux && kill -0 $(cat /var/run/master.pid)
periodSeconds: 2
failureThreshold: 60
livenessProbe:
exec:
command:
- /bin/sh
- -c
- test -e /run/saslauthd/mux && kill -0 $(cat /var/run/master.pid)
periodSeconds: 5
envFrom:
- configMapRef:
name: kolab-config
- secretRef:
name: kolab-config-secret
- secretRef:
name: kolab-admin-secret
env:
- name: SSL_CERTIFICATE
value: /etc/certs/tls.crt
- name: SSL_CERTIFICATE_KEY
value: /etc/certs/tls.key
- name: MUPDATE
value: {{ .Values.imap.murder.externalMaster }}
- name: SERVERLIST
value: {{ .Values.imap.murder.externalBackends }}
- name: IMAPD_CONF
value: /etc/imapd-frontend.conf
- name: CYRUS_CONF
value: /etc/cyrus-frontend.conf
- name: SERVERNAME
valueFrom:
fieldRef:
fieldPath: metadata.name
ports:
- containerPort: 11993
protocol: TCP
- containerPort: 11143
protocol: TCP
- containerPort: 11080
protocol: TCP
- containerPort: 11443
protocol: TCP
- containerPort: 4190
protocol: TCP
- containerPort: 11024
protocol: TCP
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- name: imap-lib
mountPath: /var/lib/imap
- name: kolab-cert
readOnly: true
mountPath: /etc/certs
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
terminationGracePeriodSeconds: 30
{{- end }}
diff --git a/kolab/values.yaml b/kolab/values.yaml
index fabc32e..3bfd2fe 100644
--- a/kolab/values.yaml
+++ b/kolab/values.yaml
@@ -1,461 +1,462 @@
# Default values for kolab.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
domainName: "kolab.local"
# The admin user is always admin@domainName
adminPassword: "simple123"
# User for prometheus/loki
externalServiceUser: "admin"
# Generate with "openssl passwd -1 simple123"
externalServiceUserPassword: "$1$4JUJFGc/$rqEi/7HU4B3YdpDb7tERK."
# migrate:status is required to make sure we don't try to run commands before the db is ready
# TODO integrate this into the seeder I guess?
initCommands: [
"./artisan user:password admin@kolab.local simple123",
"./artisan user:create test1@kolab.local --password=simple123 || :",
"./artisan user:create test2@kolab.local --password=simple123 || :",
]
# Created above
testUser: "test1@kolab.local"
testPassword: "simple123"
image:
imapImage: "quay.io/apheleiait/kolab/imap:4.0.1"
kolabImage: "quay.io/apheleiait/kolab/webapp:4.0.1"
collaboraImage: "quay.io/apheleiait/kolab/collabora:4.0.1"
redisImage: "quay.io/apheleiait/kolab/redis:4.0.1"
roundcubeImage: "quay.io/apheleiait/kolab/roundcube:4.0.1"
mariadbImage: "quay.io/apheleiait/kolab/mariadb:4.0.1"
meetImage: "quay.io/apheleiait/kolab/meet:4.0.1"
coturnImage: "quay.io/apheleiait/kolab/coturn:4.0.1"
postfixImage: "quay.io/apheleiait/kolab/postfix:4.0.1"
amavisImage: "quay.io/apheleiait/kolab/amavis:4.0.1"
utilsImage: "quay.io/apheleiait/kolab/utils:4.0.1"
minioImage: "quay.io/apheleiait/kolab/minio:4.0.1"
proxyImage: "quay.io/apheleiait/kolab/proxy:4.0.1"
fluentbitImage: "quay.io/apheleiait/kolab/fluentbit:4.0.1"
vectorImage: "quay.io/apheleiait/kolab/vector:4.0.1"
synapseImage: "quay.io/apheleiait/kolab/synapse:4.0.1"
elementImage: "quay.io/apheleiait/kolab/element:4.0.1"
pullPolicy: Always
pullSecret: null
# serviceAccount:
# # Specifies whether a service account should be created
# create: true
# # Annotations to add to the service account
# annotations: {}
# # The name of the service account to use.
# # If not set and create is true, a name is generated using the fullname template
# name: ""
# podAnnotations: {}
# podSecurityContext: {}
# fsGroup: 2000
# securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
appKey: "base64:FG6ECzyAMSmyX+eYwO/FW3bwnarbKkBhqtO65vlMb1E"
# Should match the kubernetes network, so local connections are trusted.
trustedProxies: "172.0.0.0/8"
ingress:
tlsSecretName: null
proxy:
tlsSecretName: null
certManager:
letsencryptIssuer:
enabled: true
email: ""
# Configure which tls secret to use
tlsSecret:
type: letsencrypt
# This is how to inject an externally managed cert
# type: external
# secretName: externalSecret
# This is how to inject a static certificate
# type: static
# crt: |
# -----BEGIN CERTIFICATE-----
# MIIDUzCCAjugAwIBAgIUOd6enK80Ohcw5kX1xYot+ncVxEwwDQYJKoZIhvcNAQEL
# BQAwKzETMBEGA1UECgwKRXhhbXBsZSBDQTEUMBIGA1UEAwwLa29sYWIubG9jYWww
# HhcNMjMxMjI2MTA0MjUxWhcNMjQxMjI1MTA0MjUxWjArMRMwEQYDVQQKDApFeGFt
# cGxlIENBMRQwEgYDVQQDDAtrb2xhYi5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQAD
# ggEPADCCAQoCggEBAIr/sBVZxD8jIF9w6WbZ7ivu8P6Grh0yMmd/fOi7T8rloE87
# Zi7CtOVyH/axS6I0dtlKYBmqZz7EoXvKMRirf55Hux3IXIRnSW9H8xXhzDHenwGV
# eRyxavka++sWPe7tIhx2seJosfOGHRlWpdPwSvMO4tbVJjUtWrMGYdRwrsvcFVIY
# hvD/aCreepmvnbR+YKTY6e8qVeTeMXFhb9Gk86H5cwrltIsO6uo1fx1JazXhEe5b
# mqPhIKHNQcv8Mfb+JufhPmdq83ZoNygcrh+YG0K8Mz1t3+eLi5ij1QFR7c51Lnaf
# deqaJgDKbiNGtrZEenDUZ4OGnuaWZ818jfAQ+RUCAwEAAaNvMG0wHQYDVR0OBBYE
# FGNADX2V1X6/om7P38fmz3YHfbqgMB8GA1UdIwQYMBaAFGNADX2V1X6/om7P38fm
# z3YHfbqgMA8GA1UdEwEB/wQFMAMBAf8wGgYJYIZIAYb4QgENBA0WC1NlbGYgU2ln
# bmVkMA0GCSqGSIb3DQEBCwUAA4IBAQCHx0kaw1Zs9zwaU93BcQLLtwesIvnyWnzN
# QrzNzUB88iGnzMraPa5uvyaVkKm3omyNn+B0qy3e9jBSCgVFe9rg66VPIUgGyNuj
# La6LBYDlG5iRKHpY99BF4frS8e5pslp3H42waiGIyVYFWeyHSyHbFH/BIRkGhMa2
# 9Wtnvg5FS20/7NkG3QKui9QuzLaPpPN3yLRHpH6eIwkTV1UvvStRx9a6JQZ5crPW
# aileFbysEN+CdJJAHCwreYuJD+UbdDP+3Cp9qaTRyY2nNwoyQxUPySWW8UbsljP9
# V6Of5+sYQ+o6n2E6hQOVEGqVP5kf4GoYBmfJTcbGfIFQYqk85vaA
# -----END CERTIFICATE-----
# key: |
# -----BEGIN PRIVATE KEY-----
# MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCK/7AVWcQ/IyBf
# cOlm2e4r7vD+hq4dMjJnf3zou0/K5aBPO2YuwrTlch/2sUuiNHbZSmAZqmc+xKF7
# yjEYq3+eR7sdyFyEZ0lvR/MV4cwx3p8BlXkcsWr5GvvrFj3u7SIcdrHiaLHzhh0Z
# VqXT8ErzDuLW1SY1LVqzBmHUcK7L3BVSGIbw/2gq3nqZr520fmCk2OnvKlXk3jFx
# YW/RpPOh+XMK5bSLDurqNX8dSWs14RHuW5qj4SChzUHL/DH2/ibn4T5navN2aDco
# HK4fmBtCvDM9bd/ni4uYo9UBUe3OdS52n3XqmiYAym4jRra2RHpw1GeDhp7mlmfN
# fI3wEPkVAgMBAAECggEALA4BHas/X3F/K7DKUR5mdgc727gNDFTiE9qc2NixYBHq
# fuJJLy3oDsbeqZ4k5iqxtonzrn7LTWId+nGpoPOONbjvbe+YnyBrbnlD6t4PjYjN
# Jb/dzIHQ8VYjnS2GAKmpA5N9KtDbAd+yblr/oQ5KewHvVH7nJriSxCYUMLRsOlE1
# xhhGZpynTg/CmT6xVwSlBIVDCPIfQEKiCBtpUEUwSMhcjETVfAXeNAtluXII3YnG
# uhErY4P97ON98CrbcsiWM4GO+nC0pLi3j9oEvkFVGPLFX7aj5WawaJHWjqdUcrG8
# 2R62Ob8Inyg2R9hK3pwEEYH8pwB7cLjfAexxPzF7qwKBgQDEcyZjL6lmPNOosmU5
# ZO84uh/+ppQH1zObVH+Cv4Cj5/SX8i0QbjDopbMoZou0lHJUfBU8JcZYzhN4fGFt
# TEpHwHT7gcyDddoSlADB6SRcysFMuRhPOHAfdS99ItZtna+9/uS/TA6cJOlmBPIW
# 6/Znb2MexS8SkBxKKxZ3FjbuhwKBgQC1IjzKKb/HMcVspp0gLYsmZh/5/Yjf9ZkO
# poFxrlytXoBB/izx62qqn1ihCHGUpQkoVuKA60VjKuLcM9u5Ny2AzuX9ywUrApQE
# qcfmElo9eFIUn5VuBttpMJIpNugRE/XTOe7kMKGbd+dyil+Coz5e22IvQBGgGpmx
# 1XQ3oGRGgwKBgAJxaCXNnu6tjPhJF6cqESuEbQdurOKYE4U3/Mn0dbYUGV+WXGca
# 57LM9Lho5g3d1rokPONdmOTb0zQpX9DLJRVVWF8UUyXDXm3it0uyCYi54MOCfcHm
# csaBX5DP0RjV4CydsdyLJpdcgiaJozUTxCGvKe1lCFvTvPZTKNlcRlybAoGAfoA8
# yEvD/g/Ke4kZL0Hfbp/gMS1aDF9v14V93bESVJotJOmo5gOt6R+EPGKzQEbKUHvt
# kG+/c/Sdn4AwMfhRNSZKBadmIpWYXnFchFfI4ilH2dNh/weW8K3VRidsh5DTHAPX
# zVIRa4yf/aSZ85iilIjO14T9Sj2JnWMf2UGRBpUCgYBd17muOTXJ0BzD34K+vAeH
# 9c7S9PZZNuAfF/WWskIuBGhCNuIHFO7ot5IBAoTkudDTVieQXxBo/jTyidr87gUZ
# 7kI4YjFMYkH9rAolrUutVo1aKpEHcC2+1ciz8ztiyk9cUZ0s10X+h2Svsnp/HvS9
# R4X5reaQgGrUYaU6SccGoQ==
# -----END PRIVATE KEY-----
passport:
# PASSPORT_PROXY_OAUTH_CLIENT_ID=$(uuidgen);
proxyOauthClientId: "942edef5-3dbd-4a14-8e3e-d5d59b727bee"
# PASSPORT_PROXY_OAUTH_CLIENT_SECRET=$(openssl rand -base64 32);
proxyOauthClientSecret: "L6L0n56ecvjjK0cJMjeeV1pPAeffUBO0YSSH63wf"
# PASSPORT_PRIVATE_KEY=$(openssl genrsa 4096);
privateKey: "dummy"
# PASSPORT_PUBLIC_KEY=$(echo "$PASSPORT_PRIVATE_KEY" | openssl rsa -pubout 2>/dev/null)
publicKey: "dummy"
kolab:
enabled: true
debug: false
name: "Kolab"
theme: "default"
withWallet: false
withSignup: true
withFiles: true
withDistlists: true
withSharedFolders: true
withResources: true
withMeet: true
withCompanionApp: true
tenantId: null
dbSecret: "mariadb"
replicas: 1
adminSecrets: false
kolabObjectCompatMode: false
webmailUrl: "/webmail/"
servicesService: kolab
adminService: kolab
resellerService: kolab
resources:
limits:
memory: 2Gi
requests:
memory: 1Gi
# additionalFrontends:
# - domainName: beta.kolab.klab.cc
# name: "beta"
# tenantId: 4
# - domainName: demoreseller.kolab.klab.cc
# name: "demoreseller"
# tenantId: 5
# theme: "dummy"
# enableOverlay: false
# volumes:
# The volume will have to be populated with something like "oc rsync ~/src/kolab-theme-kolabnow/src/ kolab-demoreseller-68d7676c6f-82fk2:/src/overlay/"
# overlay:
# storageClassName: local-path
# capacity: 100Mi
horizon:
enabled: true
seed: true
dbSecret: "mariadb"
resources:
limits:
memory: 1Gi
requests:
memory: 1Gi
meet:
serverUrls: "http://meet/meetmedia/api/"
verifyTls: false
enabled: true
publicIp: 127.0.0.1
hostNetwork: false
webhookToken: "simple123"
serverToken: "simple123"
resources:
limits:
memory: 512Mi
coturn:
enabled: false
staticSecret: "simple123"
publicIp: "127.0.0.1"
resources:
limits:
memory: 512Mi
proxy:
enabled: true
webappBackend: http://kolab
meetBackend: http://meet
roundcubeBackend: http://roundcube
davBackend: http://imap
davPath: "/dav"
collaboraBackend: http://collabora
matrixBackend: http://matrix
sieveBackend: imap:4190
elementBackend: http://element
webmailPath: /webmail
collabora:
enabled: true
resources:
# 1Gb + 100 MB / user
limits:
memory: 10Gi
requests:
memory: 1Gi
imap:
enabled: true
replicas: 1
host: imap
port: 143
uri: "imap:143"
tls: false
tlsSecretName: null
adminLogin: "cyrus-admin"
adminPassword: "simple123"
murder:
enabled: false
externalMaster: null
externalBackends: null
+ podAnnotations: {}
resources:
limits:
memory: 2Gi
requests:
memory: 1Gi
volumes:
spool:
storageClassName: local-path
capacity: 100Mi
lib:
storageClassName: local-path
capacity: 100Mi
roundcube:
enabled: true
desKey: "+nJY+jVpVurUts490MPF7ox8T58piLqC"
skin: "kolab"
forceSkin: false
# Comma separated list of disabled plugins
disabledPlugins: null
kolabObjectCompatMode: false
davEnabled: false
replicas: 1
resources:
limits:
memory: 1Gi
requests:
memory: 1Gi
mariadb:
enabled: true
host: "mariadb"
rootPassword: "VzNsY29tMzJAcGgzbGlh"
# Used by kolab to access the roundcube mfa db
mfaDsn: "mysql://roundcube:simple123@mariadb/roundcube"
kolabDatabase: "kolabdev"
kolabUser: "kolabdev"
kolabPassword: "simple123"
kolabLegacyPassword: "simple123"
roundcubeDatabase: "roundcube"
roundcubeUser: "roundcube"
roundcubePassword: "simple123"
volumes:
data:
storageClassName: local-path
capacity: 100Mi
resources:
limits:
memory: 512Mi
redis:
enabled: true
host: redis
password: "VzNsY29tMzJAcGgzbGlh"
resources:
limits:
memory: 2Gi
postfix:
enabled: true
# Used by roundcube and kolab4 for submission
submissionHost: postfix
submissionPort: 587
submissionEncryption: "starttls"
submissionUsername: "noreply@{{ .Values.domainName }}"
# Used by the proxy to forward requests to postfix
smtpHost: postfix
smtpPort: 587
smtpEncryption: "starttls"
tlsSecretName: null
volumes:
spool:
storageClassName: local-path
capacity: 100Mi
lib:
storageClassName: local-path
capacity: 100Mi
resources:
limits:
memory: 512Mi
amavis:
clamd:
# Disabled by default because you can easily run into rate-limits.
enabled: false
resources:
limits:
memory: 500Mi
volumes:
spool:
storageClassName: local-path
capacity: 100Mi
spamassassinLib:
storageClassName: local-path
capacity: 100Mi
clamavLib:
storageClassName: local-path
capacity: 100Mi
dkim:
identifier: dkim20240318
# Generated via amavis genrsa, must match the public key in the DNS record
key: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA7JdTEn/T2MhB6KLbATJj4SGernbem4d7dAW7/kVRbiMB2EtP
pQCR98eeXOOHcufXVc3w4BocXEnD47JPpkFYJBXWF32m4Y2SapBYbsXndN9fyXRr
HO9wPJlW5QK5i9D/bRUznfaBJm54y+BuX0Ln/ippqFe6z3LPjmro9Y9WpRzevYG/
TT69Iug5v4U/PA1/rEv+zZGQvNxInZYF7O2MFDbD2pYi7l4hWADP+iwOEc+Li5vP
lEvOaUlSQCb06sc0/QBHDDyU2WaEJiYy/Mk2xCmSI44f3mQghmiNsu7vlPiztAYK
jNyiVk8iWDttL9OV9qQyxHL18Q74UzJR6AylrwIDAQABAoIBAQCv3AOJuq5zctda
3sK/bv9C9sSGliD9poUjRqfoZwoSPb8/USuQUI4viZezIAUsahxr0Tp8uavfBY2w
EHiX8fZcTEbpCyMigSMWRtkU7dIP04HVss1zop7gzHIEpDPbM6zJHntRrUtuj6sG
kHo6IPdku43x7dQUIxkYmWs0LCmRbChOpYAp4XR0Zs+PGEYdBh4oXnxatQnfxvVS
nEI9pzAxxWYUjlYNr9x3JkaTTEZJgPCARZ6DxdShnd96ShWgo4ncdBD6WcnBccHW
3caafPLuW9iiRmrtiZ70uHIj5fF2qkTpQEJGbM9WSlZPgr/jMX14qf08LrmTCOd7
noOXGXNhAoGBAPq92gfUIreY6gah68vt9gqhWBUY76m/QBOmhTk4uNLfYE0LfY33
6mUD08KFbeAtJDxojDjmzbXZzRdlOXFpcHUo7Sc71aGNL8WwNOXHTuhHZHa4nYJb
Nh4urkWPxlwhP2G+N+BZfZMIzxIU95TzqWA092EziTKUOKvgngUySEvpAoGBAPGN
gOXWXp0BDBrjyyMKl9WpYc4ZZeq1AB9uhIY7j5i2xL6Vj3Cg3fETJ7xcT/sOU16E
iHQEkZyKoyo3a8Of+xi+7aW+tZEqtaDe8VivTifgRxKT8hdGV9O/pXoyOtimGe7s
hMCxxfe2N2Gnz82mw41ZShMbiLZKAAWa8F/PL53XAoGBAJBv/MC1uqn4NBdN/v6i
PTEycAL3MleeC9NGAUhNHGqcsmSvUcwOG7/EzJ8pLXoNhuolb2D301gF9tabQNPL
4TQcN0B6fz1ojzRZpJ8YiKPVPFIHVvRYhnwsd8cqYyF/JXuwj490/ZlNYbsQyO3M
zqzU1gvwHAA+0cZwxZZIuMzBAoGADyjTSxleDLpxGQrsx8E1cDpWIgokBEvhuxdD
h+0bAPmPdWqLewUNiMCsAL1GY7otb0QgEC/tN4bX4KFjyP40UwRAg+NpH7gvd+4l
9WvjGsuPilHwopdOkcJ4Tyfx24DpJb6AQlul0fsElMNkXkK2CRvucy6KMO6J+9AS
f+DP2zcCgYEAlSiJHMfwHpkYUo66A5SXgDd/V9M2VZvmlImob4PZ82WGkBDpjprn
s+5fQ70ms5ff8Ld08ho2Lu/NcK6ErkJfGgykK2r8ErIsmr5t1WpuU1P+U9xA9rIR
DR8gVdvWucyKnoNTdlG23BkUpoE3a1wR5aiEboTd8XP31tmhQ50GDVg=
-----END RSA PRIVATE KEY-----
fluentbit:
enabled: false
resources:
limits:
memory: 200Mi
requests:
cpu: 100m
memory: 200Mi
vector:
enabled: true
mail:
# Used for the noreply@domainName sender
noreplyPassword: "simple123"
minio:
enabled: true
rootUser: "admin"
rootPassword: "simple123"
bucketName: data
volumes:
data:
storageClassName: local-path
capacity: 100Mi
alertmanager:
enabled: false
externalUrl: http://localhost:9093
openshift: false
openshiftRoutesEnabled: true
buildConfigSource:
ref: master
uri: https://git.kolab.org/source/kolab.git
prometheus:
enabled: true
clusterMonitoring: true
loki:
enabled: true
matrix:
enabled: false
element:
customConfig: null
resources:
limits:
memory: 100Mi
requests:
memory: 20Mi
synapse:
enabled: false
resources:
limits:
memory: 500Mi
requests:
memory: 100Mi
volumes:
data:
storageClassName: local-path
capacity: 100Mi
metallb:
addressPool: false
defaultPool:
create: false

File Metadata

Mime Type
text/x-diff
Expires
Sun, Apr 5, 9:38 PM (3 w, 1 d ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
18831285
Default Alt Text
(17 KB)

Event Timeline