SEIT
/
rancher-charts
9
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

Added config templates and configured redis

master
Fábio Kaiser Rauber 3 years ago
parent
93bf8a1b8a
commit
920972b6d9
5 changed files with 114 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      charts/rspamd/v0.1.0/Chart.lock
  2. 6
      charts/rspamd/v0.1.0/Chart.yaml
  3. BIN
      charts/rspamd/v0.1.0/charts/redis-17.0.1.tgz
  4. 52
      charts/rspamd/v0.1.0/templates/locald-configmap.yaml
  5. 50
      charts/rspamd/v0.1.0/values.yaml

6
charts/rspamd/v0.1.0/Chart.lock
View File

@ -0,0 +1,6 @@
dependencies:
- name: redis
repository: https://charts.bitnami.com/bitnami
version: 17.0.1
digest: sha256:971c7d3e44106de73552c8dee38509fd10b0ed4d08d308ed94e5249d1862e427
generated: "2022-07-13T14:59:03.042613-03:00"

6
charts/rspamd/v0.1.0/Chart.yaml
View File

@ -14,3 +14,9 @@ version: 0.1.0
# follow Semantic Versioning. They should reflect the version the application is using. # follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes. # It is recommended to use it with quotes.
appVersion: "3.2.0" appVersion: "3.2.0"
# Dependencies
dependencies:
- name: redis
version: 17.0.1
repository: https://charts.bitnami.com/bitnami

BIN
charts/rspamd/v0.1.0/charts/redis-17.0.1.tgz
View File

Binary file not shown.

52
charts/rspamd/v0.1.0/templates/locald-configmap.yaml
View File

@ -0,0 +1,52 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "rspamd.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "rspamd.labels" . | nindent 4 }}
data:
ratelimit.conf: |-
rates {
# Limit for all mail per recipient (default rate 70 per day)
to = "{{ .Values.rspamd.rateLimits.to }}";
# Limit for all mail per one source ip (default rate 150 per day)
to_ip = "{{ .Values.rspamd.rateLimits.toIp }}";
# Limit for all mail per one source ip and from address (default rate 100 per day)
to_ip_from = "{{ .Values.rspamd.rateLimits.toIpFrom }}";
# Limit for all bounce mail (rate 2 per hour)
#bounce_to = "2 / 1h";
# Limit for bounce mail per one source ip (rate 1 per hour)
#bounce_to_ip = "1 / 1h";
# Limit for all mail per authenticated user (default rate 100 per day)
user = "{{ .Values.rspamd.rateLimits.user }}";
}
whitelisted_rcpts = "{{ .Values.rspamd.rateLimits.whitelisted.rcpts }}";
whitelisted_ip = "/etc/rspamd/local.d/ratelimit_whitelist.map";
max_rcpt = {{ .Values.rspamd.rateLimits.maxRcpt }};
ratelimit_whitelist.map: |-
{{- range .Values.rspamd.rateLimits.whitelisted.ips }}
{{ . }}
{{- end }}
redis.conf: |-
servers = "{{ printf "%s-%s" .Release.Name "redis-master" | trunc 63 | trimSuffix "-" }}";
db = "3";
password = "{{ .Values.redis.auth.password }}";
worker-proxy.inc: |-
milter = {{ .Values.rspamd.workerProxy.milter }};
bind_socket = "*:11332"
timeout = {{ .Values.rspamd.workerProxy.timeout }};
upstream "local" {
default = yes; # Self-scan upstreams are always default
self_scan = yes; # Enable self-scan
}
count = {{ .Values.rspamd.workerProxy.count }}; # Spawn more processes in self-scan mode
max_retries = {{ .Values.rspamd.workerProxy.maxRetries }}; # How many times master is queried in case of failure
discard_on_reject = {{ .Values.rspamd.workerProxy.discardOnReject }}; # Discard message instead of rejection
quarantine_on_reject = {{ .Values.rspamd.workerProxy.quarantineOnReject }}; # Tell MTA to quarantine rejected messages
spam_header = "{{ .Values.rspamd.workerProxy.spamHeader }}"; # Use the specific spam header
reject_message = "{{ .Values.rspamd.workerProxy.rejectMessage }}"; # Use custom rejection message
worker-normal.inc: |-
# Disable worker-normal in Milter mode
worker "normal" {
enabled = false;
}

50
charts/rspamd/v0.1.0/values.yaml
View File

@ -26,6 +26,33 @@ securityContext: {}
rspamd: rspamd:
password: apassword password: apassword
rateLimits:
# Limit for all mail per recipient (default rate 70 per day)
to: "70 / 1d"
# Limit for all mail per one source ip (default rate 150 per day)
toIp: "150 / 1d"
# Limit for all mail per one source ip and from address (default rate 100 per day)
toIpFrom: "100 / 1d"
# Limit for all mail per authenticated user (default rate 100 per day)
user: "100 / 1d"
maxRcpt: 50
whitelisted:
rcpts: "postmaster,mailer-daemon,<>"
ips:
- "127.0.0.1"
- "192.168.0.0/16"
- "172.16.0.0/12"
- "10.0.0.0/8"
- "[::1]/128"
workerProxy:
milter: "yes"
timeout: "120s"
count: 4 # Spawn more processes in self-scan mode
maxRetries: 5 # How many times master is queried in case of failure
discardOnReject: false # Discard message instead of rejection
quarantineOnReject: false # Tell MTA to quarantine rejected messages
spamHeader: "X-Spam" # Use the specific spam header
rejectMessage: "Spam message rejected" # Use custom rejection message
service: service:
type: ClusterIP type: ClusterIP
@ -69,3 +96,26 @@ nodeSelector: {}
tolerations: [] tolerations: []
affinity: {} affinity: {}
# Redis definitions
redis:
image:
tag: 7.0.3-debian-11-r0
pullPolicy: IfNotPresent
architecture: standalone
auth:
enabled: true
password: agoodredispassword
master:
persistence:
enabled: true
accessModes:
- ReadWriteOnce
size: 2Gi
resources:
requests:
cpu: 50m
memory: 150Mi
limits:
cpu: 800m
memory: 1Gi
Write Preview
Loading…
Cancel
Save