409 lines
11 KiB
YAML
409 lines
11 KiB
YAML
## Roundcube Docker image
|
|
image: roundcube/roundcubemail:{{ .Chart.AppVersion }}-fpm-alpine
|
|
|
|
## ImagePullPolicy for Roundcube Docker image
|
|
imagePullPolicy: IfNotPresent
|
|
|
|
## RBAC Role Based Access Control for resources
|
|
rbac:
|
|
# Specifies whether RBAC resources should be created
|
|
create: false
|
|
rules: []
|
|
## Enable RBAC rules
|
|
# - apiGroups:
|
|
# - myApiGroups
|
|
# resourceNames:
|
|
# - myResourceNames
|
|
# resources:
|
|
# - myResources
|
|
# verbs:
|
|
# - use
|
|
|
|
## Service Account for Deployment
|
|
serviceAccount:
|
|
# Specifies whether ServiceAccount resource should be created
|
|
create: false
|
|
# The name of the ServiceAccount to use.
|
|
# If not set and create is true, a name is generated using a template
|
|
name: ""
|
|
additionalLabels: {}
|
|
additionalAnnotations: {}
|
|
|
|
## Roundcube Core Configuration
|
|
config:
|
|
|
|
## DES Key for session encryption.
|
|
## Will be generated randomly if not set.
|
|
desKey:
|
|
|
|
## User interface default language.
|
|
defaultLanguage: en_US
|
|
|
|
## Allow for custom skin installation
|
|
skins:
|
|
classic:
|
|
enabled: false
|
|
composerPackage:
|
|
name: roundcube/classic
|
|
version: 1.6.0
|
|
|
|
larry:
|
|
enabled: false
|
|
composerPackage:
|
|
name: roundcube/larry
|
|
version: 1.6.1
|
|
|
|
## custom skin example
|
|
#custom:
|
|
# enabled: true
|
|
# composerPackage:
|
|
# name: custom (defaults to roundcube/{{ skin name }})
|
|
# version: 1.0 (defaults to rounddube version)
|
|
|
|
## User interface default skin.
|
|
defaultSkin: elastic
|
|
|
|
## Plugin configuration
|
|
plugins:
|
|
|
|
## https://github.com/roundcube/roundcubemail/blob/master/plugins/managesieve/config.inc.php.dist
|
|
managesieve:
|
|
enabled: false
|
|
config:
|
|
host: "%h:4190"
|
|
useTls: true
|
|
|
|
## Context menu plugin: Adds context menus with common tasks to various parts of Roundcube
|
|
## https://packagist.org/packages/johndoh/contextmenu
|
|
## Example for a dynamically installed plugin (via composer)
|
|
contextmenu:
|
|
|
|
## Enabled installing and loading the plugin.
|
|
enabled: false
|
|
|
|
## composer package information
|
|
composerPackage:
|
|
name: "johndoh/contextmenu"
|
|
version: "3.3"
|
|
|
|
## Maximum allowed upload file size (e.g., for attachmentes).
|
|
## Do not forget to adjust ingress accordingly, e.g., by adding the following annotation:
|
|
## nginx.ingress.kubernetes.io/proxy-body-size: 25m
|
|
uploadMaxFilesize: 25M
|
|
|
|
## Custom Roundcube configuration parameters
|
|
customRoundcubeConfig: |
|
|
/*
|
|
* Custom Roundcube Configuration values
|
|
* Check https://github.com/roundcube/roundcubemail/wiki/Configuration for available options.
|
|
*/
|
|
|
|
// $config['skin_logo'] = "";
|
|
// $config['support_url'] = "https://roundcube.net/";
|
|
|
|
## Custom configuration for PHP interpreter
|
|
customPhpConfig: |
|
|
## Configure custom memory limit for PHP
|
|
# memory_limit=128M
|
|
|
|
## Custom configuration for PHP-FPM
|
|
## Comment lines with semicolumn (;) in this file
|
|
## don't use pound (#) to comment lines
|
|
customPhpFpmConfig: |
|
|
;pm.max_children=200
|
|
;pm.status_path=/status
|
|
|
|
## Configure database creation/usage
|
|
database:
|
|
## Which database source should be used
|
|
## Supported values:
|
|
## * external: Do not create a database, but use an existing external database. See `externalDatabase` for further configuration.
|
|
## * zalando-postgres: Request a database to be created by Zalando Postgres operator (https://github.com/zalando/postgres-operator, operator needs to be preinstalled)
|
|
source: external
|
|
|
|
## Number of database cluster instances to be launched
|
|
## (only applicable for source=zalando-postgres)
|
|
instances:
|
|
|
|
## Size of the volume to be created for the database
|
|
volumeSize: 5Gi
|
|
|
|
## Name of the StorageClass to be used for the volume
|
|
storageClassName:
|
|
|
|
## Configuration for an external database (not deployed within this chart)
|
|
## When working with a NetworkPolicy, add an egress rule to networkPolicy.egress.additionalRules to allow access to the database.
|
|
externalDatabase:
|
|
## Type of the external database. supported: mysql, pgsql, sqlite
|
|
type: pgsql
|
|
|
|
## Hostname of the external database server
|
|
host: postgres13.postgres
|
|
|
|
## Port number of the external database server
|
|
port: 5432
|
|
|
|
## Database name
|
|
name: roundkube
|
|
|
|
## Username for the external database server
|
|
user: roundkube
|
|
|
|
## Password for the external database server
|
|
password: roundkube
|
|
|
|
## IMAP settings
|
|
imap:
|
|
## Hostname or IP address of your IMAP server
|
|
host: mail.allarddcs.nl
|
|
|
|
## IMAP port. Default ports depending on encryption setting:
|
|
## 143 - none, STARTTLS
|
|
## 993 - SSL/TLS (recommended)
|
|
port: 143
|
|
|
|
## Transport encryption. Please change port accordingly. Allowed values:
|
|
## none - no encryption
|
|
## starttls - use STARTTLS
|
|
## ssltls - use SSL/TLS (recommended)
|
|
encryption: starttls
|
|
|
|
|
|
## SMTP settings
|
|
smtp:
|
|
## Hostname or IP address of your SMTP server
|
|
host: mail.allarddcs.nl
|
|
|
|
## SMTP port. Default ports depending on encryption setting:
|
|
## 25 - none
|
|
## 465 - SSL/TLS
|
|
## 587 - STARTTLS (recommended)
|
|
port: 587
|
|
|
|
## Transport encryption. Please change port accordingly. Allowed values:
|
|
## none - no encryption
|
|
## starttls - use STARTTLS
|
|
## ssltls - use SSL/TLS (recommended)
|
|
encryption: starttls
|
|
|
|
## SMTP username (use "%u" tp use IMAP username)
|
|
username: "%u"
|
|
|
|
## SMTP password (use "%p" tp use IMAP password)
|
|
password: "%p"
|
|
|
|
|
|
## Additional configuration for the ConfigMap resource
|
|
configMap:
|
|
## Additional labels for the ConfigMap resource
|
|
additionalLabels: {}
|
|
|
|
## Additional annotations for the ConfigMap resource
|
|
additionalAnnotations: {}
|
|
|
|
|
|
## Additional configuration for the Secret resource
|
|
secret:
|
|
## Additional labels for the Secret resource
|
|
additionalLabels: {}
|
|
|
|
## Additional annotations for the Secret resource
|
|
additionalAnnotations: {}
|
|
|
|
|
|
## Additional configuration for the Deployment resource
|
|
deployment:
|
|
## Number of instances of Roundcube to be started
|
|
replicas: 1
|
|
|
|
## Deployment strategy (see https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/deployment-v1/#DeploymentSpec)
|
|
strategy:
|
|
## Deployment strategy type
|
|
type: RollingUpdate
|
|
|
|
## Roundcube container's HTTP port
|
|
port: 80
|
|
|
|
## Define additional ImagePullSecrets.
|
|
imagePullSecrets:
|
|
## You can refer to existing ImagePullSecrets as follows:
|
|
# - name: my-custom-secret
|
|
|
|
## Additional labels for the Deployment resource
|
|
additionalLabels: {}
|
|
|
|
## Additional annotations for the Deployment resource
|
|
additionalAnnotations: {}
|
|
|
|
## Pod affinity rule preset (see https://docs.bitnami.com/tutorials/assign-pod-nodes-helm-affinity-rules/)
|
|
podAffinityPreset: ""
|
|
|
|
## Pod anti affinity rule preset (see https://docs.bitnami.com/tutorials/assign-pod-nodes-helm-affinity-rules/)
|
|
podAntiAffinityPreset: hard
|
|
|
|
## Custom affinity rules (overrides podAffinityPreset and podAntiAffinityPreset)
|
|
affinity: {}
|
|
|
|
## Configure resource allocation and limits
|
|
# resources:
|
|
# requests:
|
|
# memory: "256Mi"
|
|
# cpu: "1000m"
|
|
# limits:
|
|
# memory: "256Mi"
|
|
# cpu: "1000m"
|
|
|
|
## Allow defining custom actions to be executed before deploying main container (e.g.: to prepare database)
|
|
initContainers: []
|
|
# - name: init
|
|
# image: alpine:3
|
|
# command: [sh, -c]
|
|
# args:
|
|
# - echo "Hello, world!" > /mnt/extra-storage/test
|
|
# volumeMounts:
|
|
# - name: extra-storage
|
|
# mountPath: /mnt/extra-storage
|
|
|
|
## Additional volume mounts for the Deployment resource
|
|
additionalVolumeMounts: []
|
|
# - name: extra-storage
|
|
# mountPath: /mnt/extra-storage
|
|
|
|
## Additional volumes for the Deployment resource
|
|
additionalVolumes: []
|
|
# - name: extra-storage
|
|
# emptyDir: {}
|
|
|
|
## Additional environment variables for the Deployment resource
|
|
additionalEnv: []
|
|
# - name: MY_ENV_VAR
|
|
# value: value
|
|
|
|
containers:
|
|
nginx:
|
|
image: nginx:1.25.4
|
|
imagePullPolicy: IfNotPresent
|
|
|
|
|
|
## Additional configuration for the Service resource
|
|
service:
|
|
## Service port for HTTP
|
|
port: 80
|
|
|
|
|
|
## Additional labels for the Service resource
|
|
additionalLabels: {}
|
|
|
|
## Additional annotations for the Service resource
|
|
additionalAnnotations: {}
|
|
|
|
## https://kubernetes.io/docs/concepts/services-networking/dual-stack/
|
|
ipFamilyPolicy: PreferDualStack
|
|
|
|
|
|
## Ingress resource configuration
|
|
ingress:
|
|
## Enable Ingress resource
|
|
enabled: true
|
|
## Whether deploy https or plain http ingress
|
|
useTLS: true
|
|
|
|
class:
|
|
host: roundcube.allarddcs.nl
|
|
path: "/"
|
|
pathType: ImplementationSpecific
|
|
Classname: nginx
|
|
|
|
## TLS settings
|
|
tls:
|
|
|
|
## Configure secret name, e.g., to re-use an existing secret
|
|
secretName:
|
|
|
|
## Additional labels for the Ingress resource
|
|
additionalLabels: {}
|
|
|
|
## Additional annotations for the Ingress resource
|
|
additionalAnnotations: {}
|
|
|
|
|
|
## PodDisruptionBudget configuration
|
|
pdb:
|
|
## Enable PodDisruptionBudget
|
|
enabled: true
|
|
|
|
minAvailable: 1
|
|
maxUnavailable: ""
|
|
|
|
|
|
## Additional labels for the PodDisruptionBudget resource
|
|
additionalLabels: {}
|
|
|
|
## Additional annotations for the PodDisruptionBudget resource
|
|
additionalAnnotations: {}
|
|
|
|
|
|
## NetworkPolicy configuration
|
|
## A NetworkPolicy can prevent unauthorized access to remote hosts on network level.
|
|
## By default, if enabled, the NetworkPolicy allows to connect to any IP with the IMAP and SMTP ports configured above.
|
|
## This also applies for the managesieve plugin, if enabled.
|
|
## More information on network policies: https://kubernetes.io/docs/concepts/services-networking/network-policies/
|
|
networkPolicy:
|
|
|
|
## Create a NetworkPolicy resource
|
|
enabled: false
|
|
|
|
## Egress policies for Roundcube environment
|
|
egress:
|
|
## IMAP related Egress policies
|
|
imap:
|
|
|
|
## Explicitely configure allowed peers for the IMAP connection.
|
|
## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#networkpolicypeer-v1-networking-k8s-io for all possible options.
|
|
peers:
|
|
- ipBlock:
|
|
cidr: 0.0.0.0/0
|
|
|
|
|
|
## SMTP related Egress policies
|
|
smtp:
|
|
|
|
## Explicitely configure allowed peers for the SMTP connection.
|
|
## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#networkpolicypeer-v1-networking-k8s-io for all possible options.
|
|
peers:
|
|
- ipBlock:
|
|
cidr: 0.0.0.0/0
|
|
|
|
|
|
## managesieve related Egress policies
|
|
managesieve:
|
|
|
|
## Explicitely configure allowed peers for the managesieve connection. Will only be used if managesieve plugin is enabled.
|
|
## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#networkpolicypeer-v1-networking-k8s-io for all possible options.
|
|
peers:
|
|
- ipBlock:
|
|
cidr: 0.0.0.0/0
|
|
|
|
|
|
## Add additional, custom egress rules.
|
|
## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#networkpolicyegressrule-v1-networking-k8s-io.
|
|
additionalRules: []
|
|
## Example rule for a zalando postgres cluster called "shared-postgres" in namespace "postgres"
|
|
# - to:
|
|
# - namespaceSelector:
|
|
# matchLabels:
|
|
# kubernetes.io/metadata.name: postgres
|
|
# - podSelector:
|
|
# matchLabels:
|
|
# cluster-name: shared-postgres
|
|
# ports:
|
|
# - port: 5432
|
|
# protocol: TCP
|
|
|
|
|
|
## Additional labels for the NetworkPolicy
|
|
additionalLabels: {}
|
|
|
|
## Additional annotations for the NetworkPolicy
|
|
additionalAnnotations: {}
|