initial commit

lp/roundcube/README.md

@@ -0,0 +1,4 @@
+helm repo add mlohr https://helm-charts.mlohr.com/
+helm repo update
+
+helm install roundcube mlohr/roundcube -f values.yaml -n mail

lp/roundcube/catalog-info.yaml

@@ -0,0 +1,11 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: lp-roundcube
+  title: Roundcube (lp)
+spec:
+  type: service
+  lifecycle: production
+  owner: platform-team
+  partOf:
+    - ../catalog-info.yaml

lp/roundcube/certificate.yaml

@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: roudcube-lp.allarddcs.nl-tls
+  namespace: mail
+spec:
+  dnsNames:
+  - roundcube-lp.allarddcs.nl
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: letsencrypt
+  secretName: roundcube-lp.allarddcs.nl-tls
+  usages:
+  - digital signature
+  - key encipherment

lp/roundcube/ingressroute-tls.yaml

@@ -0,0 +1,17 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: roundcube-tls
+  namespace: mail
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`roundcube-lp.allarddcs.nl`)
+    services:
+    - name: roundcube
+      port: 80
+  tls:
+    secretName: roundcube-lp.allarddcs.nl-tls
+#    certResolver: letsencrypt

lp/roundcube/install.sh

@@ -0,0 +1,2 @@
+microk8s helm install roundcube mlohr/roundcube -f values.yaml -n mail
+microk8s kubectl get pod -n mail | grep roundcube 

lp/roundcube/uninstall.sh

@@ -0,0 +1 @@
+microk8s helm uninstall roundcube  -n mail

lp/roundcube/upgrade.sh

@@ -0,0 +1 @@
+microk8s helm upgrade roundcube mlohr/roundcube -f values.yaml -n mail

lp/roundcube/values.yaml

@@ -0,0 +1,408 @@
+## Roundcube Docker image
+image: roundcube/roundcubemail:{{ .Chart.AppVersion }}-fpm-alpine
+
+## ImagePullPolicy for Roundcube Docker image
+imagePullPolicy: IfNotPresent
+
+## RBAC Role Based Access Control for resources
+rbac:
+  # Specifies whether RBAC resources should be created
+  create: false
+  rules: []
+  ## Enable RBAC rules
+    #  - apiGroups:
+    #    - myApiGroups
+    #    resourceNames:
+    #    - myResourceNames
+    #    resources:
+    #    - myResources
+    #    verbs:
+    #    - use
+
+## Service Account for Deployment
+serviceAccount:
+  # Specifies whether ServiceAccount resource should be created
+  create: false
+  # The name of the ServiceAccount to use.
+  # If not set and create is true, a name is generated using a template
+  name: ""
+  additionalLabels: {}
+  additionalAnnotations: {}
+
+## Roundcube Core Configuration
+config:
+
+  ## DES Key for session encryption.
+  ## Will be generated randomly if not set.
+  desKey:
+
+  ## User interface default language.
+  defaultLanguage: en_US
+
+  ## Allow for custom skin installation
+  skins:
+    classic:
+      enabled: false
+      composerPackage:
+        name: roundcube/classic
+        version: 1.6.0
+
+    larry:
+      enabled: false
+      composerPackage:
+        name: roundcube/larry
+        version: 1.6.1
+
+    ## custom skin example
+    #custom:
+    #  enabled: true
+    #  composerPackage:
+    #    name: custom (defaults to roundcube/{{ skin name }})
+    #    version: 1.0 (defaults to rounddube version)
+
+  ## User interface default skin.
+  defaultSkin: elastic
+
+  ## Plugin configuration
+  plugins:
+
+    ## https://github.com/roundcube/roundcubemail/blob/master/plugins/managesieve/config.inc.php.dist
+    managesieve:
+      enabled: false
+      config:
+        host: "%h:4190"
+        useTls: true
+
+    ## Context menu plugin: Adds context menus with common tasks to various parts of Roundcube
+    ## https://packagist.org/packages/johndoh/contextmenu
+    ## Example for a dynamically installed plugin (via composer)
+    contextmenu:
+
+      ## Enabled installing and loading the plugin.
+      enabled: false
+
+      ## composer package information
+      composerPackage:
+        name: "johndoh/contextmenu"
+        version: "3.3"
+
+  ## Maximum allowed upload file size (e.g., for attachmentes).
+  ## Do not forget to adjust ingress accordingly, e.g., by adding the following annotation:
+  ##   nginx.ingress.kubernetes.io/proxy-body-size: 25m
+  uploadMaxFilesize: 25M
+
+  ## Custom Roundcube configuration parameters
+  customRoundcubeConfig: |
+    /*
+     * Custom Roundcube Configuration values
+     * Check https://github.com/roundcube/roundcubemail/wiki/Configuration for available options.
+     */
+
+    // $config['skin_logo'] = "";
+    // $config['support_url'] = "https://roundcube.net/";
+
+  ## Custom configuration for PHP interpreter
+  customPhpConfig: |
+    ## Configure custom memory limit for PHP
+    # memory_limit=128M
+
+  ## Custom configuration for PHP-FPM
+  ## Comment lines with semicolumn (;) in this file
+  ## don't use pound (#) to comment lines
+  customPhpFpmConfig: |
+    ;pm.max_children=200
+    ;pm.status_path=/status
+
+## Configure database creation/usage
+database:
+  ## Which database source should be used
+  ## Supported values:
+  ##   * external:         Do not create a database, but use an existing external database. See `externalDatabase` for further configuration.
+  ##   * zalando-postgres: Request a database to be created by Zalando Postgres operator (https://github.com/zalando/postgres-operator, operator needs to be preinstalled)
+  source: external
+
+  ## Number of database cluster instances to be launched
+  ## (only applicable for source=zalando-postgres)
+  instances: 
+
+  ## Size of the volume to be created for the database
+  volumeSize: 5Gi
+
+  ## Name of the StorageClass to be used for the volume
+  storageClassName:
+
+## Configuration for an external database (not deployed within this chart)
+## When working with a NetworkPolicy, add an egress rule to networkPolicy.egress.additionalRules to allow access to the database.
+externalDatabase:
+  ## Type of the external database. supported: mysql, pgsql, sqlite
+  type: pgsql
+
+  ## Hostname of the external database server
+  host: postgres13.postgres
+
+  ## Port number of the external database server
+  port: 5432
+
+  ## Database name
+  name: roundkube
+
+  ## Username for the external database server
+  user: roundkube
+
+  ## Password for the external database server
+  password: roundkube
+
+## IMAP settings
+imap:
+  ## Hostname or IP address of your IMAP server
+  host: mail.allarddcs.nl
+
+  ## IMAP port. Default ports depending on encryption setting:
+  ##   143 - none, STARTTLS
+  ##   993 - SSL/TLS (recommended)
+  port: 143
+
+  ## Transport encryption. Please change port accordingly. Allowed values:
+  ##   none     - no encryption
+  ##   starttls - use STARTTLS
+  ##   ssltls   - use SSL/TLS (recommended)
+  encryption: starttls
+
+
+## SMTP settings
+smtp:
+  ## Hostname or IP address of your SMTP server
+  host: mail.allarddcs.nl
+
+  ## SMTP port. Default ports depending on encryption setting:
+  ##    25 - none
+  ##   465 - SSL/TLS
+  ##   587 - STARTTLS (recommended)
+  port: 587
+
+  ## Transport encryption. Please change port accordingly. Allowed values:
+  ##   none     - no encryption
+  ##   starttls - use STARTTLS
+  ##   ssltls   - use SSL/TLS (recommended)
+  encryption: starttls
+
+  ## SMTP username (use "%u" tp use IMAP username)
+  username: "%u"
+
+  ## SMTP password (use "%p" tp use IMAP password)
+  password: "%p"
+
+
+## Additional configuration for the ConfigMap resource
+configMap:
+  ## Additional labels for the ConfigMap resource
+  additionalLabels: {}
+
+  ## Additional annotations for the ConfigMap resource
+  additionalAnnotations: {}
+
+
+## Additional configuration for the Secret resource
+secret:
+  ## Additional labels for the Secret resource
+  additionalLabels: {}
+
+  ## Additional annotations for the Secret resource
+  additionalAnnotations: {}
+
+
+## Additional configuration for the Deployment resource
+deployment:
+  ## Number of instances of Roundcube to be started
+  replicas: 1
+
+  ## Deployment strategy (see https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/deployment-v1/#DeploymentSpec)
+  strategy:
+    ## Deployment strategy type
+    type: RollingUpdate
+
+  ## Roundcube container's HTTP port
+  port: 80
+
+  ## Define additional ImagePullSecrets.
+  imagePullSecrets:
+    ## You can refer to existing ImagePullSecrets as follows:
+    # - name: my-custom-secret
+
+  ## Additional labels for the Deployment resource
+  additionalLabels: {}
+
+  ## Additional annotations for the Deployment resource
+  additionalAnnotations: {}
+
+  ## Pod affinity rule preset (see https://docs.bitnami.com/tutorials/assign-pod-nodes-helm-affinity-rules/)
+  podAffinityPreset: ""
+
+  ## Pod anti affinity rule preset (see https://docs.bitnami.com/tutorials/assign-pod-nodes-helm-affinity-rules/)
+  podAntiAffinityPreset: hard
+
+  ## Custom affinity rules (overrides podAffinityPreset and podAntiAffinityPreset)
+  affinity: {}
+
+  ## Configure resource allocation and limits
+  # resources:
+  #   requests:
+  #     memory: "256Mi"
+  #     cpu: "1000m"
+  #   limits:
+  #     memory: "256Mi"
+  #     cpu: "1000m"
+
+  ## Allow defining custom actions to be executed before deploying main container (e.g.: to prepare database)
+  initContainers: []
+  #  - name: init
+  #    image: alpine:3
+  #    command: [sh, -c]
+  #    args:
+  #      - echo "Hello, world!" > /mnt/extra-storage/test
+  #    volumeMounts:
+  #      - name: extra-storage
+  #        mountPath: /mnt/extra-storage
+
+  ## Additional volume mounts for the Deployment resource
+  additionalVolumeMounts: []
+  #  - name: extra-storage
+  #    mountPath: /mnt/extra-storage
+
+  ## Additional volumes for the Deployment resource
+  additionalVolumes: []
+  #  - name: extra-storage
+  #    emptyDir: {}
+
+  ## Additional environment variables for the Deployment resource
+  additionalEnv: []
+  #  - name: MY_ENV_VAR
+  #    value: value
+
+  containers:
+    nginx:
+      image: nginx:1.25.4
+      imagePullPolicy: IfNotPresent
+
+
+## Additional configuration for the Service resource
+service:
+  ## Service port for HTTP
+  port: 80
+
+
+  ## Additional labels for the Service resource
+  additionalLabels: {}
+
+  ## Additional annotations for the Service resource
+  additionalAnnotations: {}
+
+  ## https://kubernetes.io/docs/concepts/services-networking/dual-stack/
+  ipFamilyPolicy: PreferDualStack
+
+
+## Ingress resource configuration
+ingress:
+  ## Enable Ingress resource
+  enabled: true
+  ## Whether deploy https or plain http ingress
+  useTLS: true
+
+  class:
+  host: roundcube.allarddcs.nl
+  path: "/"
+  pathType: ImplementationSpecific
+  Classname: nginx
+
+  ## TLS settings
+  tls:
+
+    ## Configure secret name, e.g., to re-use an existing secret
+    secretName:
+
+  ## Additional labels for the Ingress resource
+  additionalLabels: {}
+
+  ## Additional annotations for the Ingress resource
+  additionalAnnotations: {}
+
+
+## PodDisruptionBudget configuration
+pdb:
+  ## Enable PodDisruptionBudget
+  enabled: true
+
+  minAvailable: 1
+  maxUnavailable: ""
+
+
+  ## Additional labels for the PodDisruptionBudget resource
+  additionalLabels: {}
+
+  ## Additional annotations for the PodDisruptionBudget resource
+  additionalAnnotations: {}
+
+
+## NetworkPolicy configuration
+## A NetworkPolicy can prevent unauthorized access to remote hosts on network level.
+## By default, if enabled, the NetworkPolicy allows to connect to any IP with the IMAP and SMTP ports configured above.
+## This also applies for the managesieve plugin, if enabled.
+## More information on network policies: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+networkPolicy:
+
+  ## Create a NetworkPolicy resource
+  enabled: false
+
+  ## Egress policies for Roundcube environment
+  egress:
+    ## IMAP related Egress policies
+    imap:
+
+      ## Explicitely configure allowed peers for the IMAP connection.
+      ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#networkpolicypeer-v1-networking-k8s-io for all possible options.
+      peers:
+        - ipBlock:
+            cidr: 0.0.0.0/0
+
+
+    ## SMTP related Egress policies
+    smtp:
+
+      ## Explicitely configure allowed peers for the SMTP connection.
+      ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#networkpolicypeer-v1-networking-k8s-io for all possible options.
+      peers:
+        - ipBlock:
+            cidr: 0.0.0.0/0
+
+
+    ## managesieve related Egress policies
+    managesieve:
+
+      ## Explicitely configure allowed peers for the managesieve connection. Will only be used if managesieve plugin is enabled.
+      ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#networkpolicypeer-v1-networking-k8s-io for all possible options.
+      peers:
+        - ipBlock:
+            cidr: 0.0.0.0/0
+
+
+    ## Add additional, custom egress rules.
+    ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#networkpolicyegressrule-v1-networking-k8s-io.
+    additionalRules: []
+    ## Example rule for a zalando postgres cluster called "shared-postgres" in namespace "postgres"
+    #  - to:
+    #    - namespaceSelector:
+    #        matchLabels:
+    #          kubernetes.io/metadata.name: postgres
+    #    - podSelector:
+    #        matchLabels:
+    #          cluster-name: shared-postgres
+    #    ports:
+    #      - port: 5432
+    #        protocol: TCP
+
+
+  ## Additional labels for the NetworkPolicy
+  additionalLabels: {}
+
+  ## Additional annotations for the NetworkPolicy
+  additionalAnnotations: {}