rancher-charts/charts/rspamd/v0.1.0/values.yaml

# Default values for rspamd.
replicaCount: 1

image:
  repository: interlegis/alpine-rspamd
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

podAnnotations: {}

podSecurityContext: {}
  # fsGroup: 2000

securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

rspamd:
  password: apassword
  rateLimits:
    # Limit for all mail per recipient (default rate 70 per day)
    to: "70 / 1d"
    # Limit for all mail per one source ip (default rate 150 per day)
    toIp: "150 / 1d"
    # Limit for all mail per one source ip and from address (default rate 100 per day)
    toIpFrom: "100 / 1d"
    # Limit for all mail per authenticated user (default rate 100 per day)
    user: "100 / 1d"
    maxRcpt: 50
    whitelisted:
      rcpts: "postmaster,mailer-daemon,<>"
      ips:
        - "127.0.0.1"
        - "192.168.0.0/16"
        - "172.16.0.0/12"
        - "10.0.0.0/8"
        - "[::1]/128"
  dkimSigning:
    # If false, messages with empty envelope from are not signed
    allow_envfrom_empty: "true"
    # If true, envelope/header domain mismatch is ignored
    allow_hdrfrom_mismatch: "false"
    # If true, multiple from headers are allowed (but only first is used)
    allow_hdrfrom_multiple: "true"
    # If true, username does not need to contain matching domain
    allow_username_mismatch: "false"
    # If false, messages from authenticated users are not selected for signing
    auth_only: "true"
    # Default path to key, can include 'domain' and 'selector' variables
    path: "/var/lib/rspamd/dkim/$domain.$selector.key"
    # Default selector to use
    selector: "dkim"
    # If false, messages from local networks are not selected for signing
    sign_local: "true"
    # Symbol to add when message is signed
    symbol: "DKIM_SIGNED"
    # Whether to fallback to global config
    try_fallback: "true"
    # Domain to use for DKIM signing: can be "header" or "envelope"
    use_domain: "header"
    # Whether to normalise domains to eSLD
    use_esld: "false"
    # Whether to get keys from Redis
    use_redis: "false"
    # Hash for DKIM keys in Redis
    key_prefix: "DKIM_KEYS"

  workerProxy:
    milter: "yes"
    timeout: "120s"
    count: 4 # Spawn more processes in self-scan mode
    maxRetries: 5 # How many times master is queried in case of failure
    discardOnReject: false # Discard message instead of rejection
    quarantineOnReject: false # Tell MTA to quarantine rejected messages
    spamHeader: "X-Spam" # Use the specific spam header
    rejectMessage: "Spam message rejected" # Use custom rejection message

service:
  type: ClusterIP
  ports:
    antispam: 11333
    http: 11334
    milter: 11332

ingress:
  enabled: false
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

autoscaling:
  enabled: false
  minReplicas: 2
  maxReplicas: 6
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

nodeSelector: {}

tolerations: []

affinity: {}

# Redis definitions
redis:
  image:
    tag: 7.0.3-debian-11-r0
    pullPolicy: IfNotPresent
  architecture: standalone
  auth:
    enabled: true
    password: agoodredispassword
  master: 
    persistence:
      enabled: true
      accessModes:
        - ReadWriteOnce
      size: 2Gi
    resources:
      requests:
        cpu: 50m
        memory: 150Mi
      limits:
        cpu: 800m
        memory: 1Gi