sovereign/helm/sovereign/templates/roundcube.yaml

{{- if .Values.roundcube.enabled }}
# -------------------------------------------------------------------------
# ROUNDCUBE — PostgreSQL + Roundcube webmail
# -------------------------------------------------------------------------

# ConfigMap for custom.inc.php overrides
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Release.Name }}-roundcube-config
  labels:
    {{- include "sovereign.labels" . | nindent 4 }}
data:
  custom.inc.php: |
    <?php
    // Additional Roundcube configuration overrides.
    // Add site-specific settings here.
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ .Release.Name }}-roundcube-db
  labels:
    {{- include "sovereign.labels" . | nindent 4 }}
spec:
  accessModes: [ReadWriteOnce]
  {{- include "sovereign.storageClass" .Values.global.storageClass | nindent 2 }}
  resources:
    requests:
      storage: {{ .Values.roundcube.persistence.dbSize }}
---
# --- PostgreSQL ---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-roundcube-db
  labels:
    {{- include "sovereign.labels" . | nindent 4 }}
    app.kubernetes.io/component: roundcube-db
spec:
  replicas: 1
  selector:
    matchLabels:
      {{- include "sovereign.selectorLabels" (dict "root" . "component" "roundcube-db") | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "sovereign.selectorLabels" (dict "root" . "component" "roundcube-db") | nindent 8 }}
    spec:
      containers:
        - name: postgres
          image: postgres:16-alpine
          env:
            - name: POSTGRES_DB
              value: roundcube
            - name: POSTGRES_USER
              value: roundcube
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-roundcube
                  key: dbPassword
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: {{ .Release.Name }}-roundcube-db
---
apiVersion: v1
kind: Service
metadata:
  name: {{ .Release.Name }}-roundcube-db
  labels:
    {{- include "sovereign.labels" . | nindent 4 }}
spec:
  selector:
    {{- include "sovereign.selectorLabels" (dict "root" . "component" "roundcube-db") | nindent 4 }}
  ports:
    - port: 5432
      targetPort: 5432
---
# --- Roundcube ---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-roundcube
  labels:
    {{- include "sovereign.labels" . | nindent 4 }}
    app.kubernetes.io/component: roundcube
spec:
  replicas: 1
  selector:
    matchLabels:
      {{- include "sovereign.selectorLabels" (dict "root" . "component" "roundcube") | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "sovereign.selectorLabels" (dict "root" . "component" "roundcube") | nindent 8 }}
    spec:
      containers:
        - name: roundcube
          image: roundcube/roundcubemail:{{ .Values.roundcube.version }}
          env:
            - name: ROUNDCUBEMAIL_DB_TYPE
              value: pgsql
            - name: ROUNDCUBEMAIL_DB_HOST
              value: {{ .Release.Name }}-roundcube-db
            - name: ROUNDCUBEMAIL_DB_NAME
              value: roundcube
            - name: ROUNDCUBEMAIL_DB_USER
              value: roundcube
            - name: ROUNDCUBEMAIL_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-roundcube
                  key: dbPassword
            - name: ROUNDCUBEMAIL_DEFAULT_HOST
              value: ssl://{{ .Release.Name }}-stalwart
            - name: ROUNDCUBEMAIL_DEFAULT_PORT
              value: "993"
            - name: ROUNDCUBEMAIL_SMTP_SERVER
              value: tls://{{ .Release.Name }}-stalwart
            - name: ROUNDCUBEMAIL_SMTP_PORT
              value: "587"
            - name: ROUNDCUBEMAIL_DES_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-roundcube
                  key: desKey
            - name: ROUNDCUBEMAIL_PLUGINS
              value: "archive,zipdownload,managesieve,jqueryui"
            - name: ROUNDCUBEMAIL_SKIN
              value: {{ .Values.roundcube.skin | quote }}
          ports:
            - name: http
              containerPort: 80
          volumeMounts:
            - name: config
              mountPath: /var/roundcube/config/custom.inc.php
              subPath: custom.inc.php
      volumes:
        - name: config
          configMap:
            name: {{ .Release.Name }}-roundcube-config
---
apiVersion: v1
kind: Service
metadata:
  name: {{ .Release.Name }}-roundcube
  labels:
    {{- include "sovereign.labels" . | nindent 4 }}
spec:
  selector:
    {{- include "sovereign.selectorLabels" (dict "root" . "component" "roundcube") | nindent 4 }}
  ports:
    - name: http
      port: 80
      targetPort: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ .Release.Name }}-roundcube
  labels:
    {{- include "sovereign.labels" . | nindent 4 }}
  annotations:
    {{- include "sovereign.ingressAnnotations" . | nindent 4 }}
spec:
  ingressClassName: {{ .Values.global.ingressClassName }}
  rules:
    - host: webmail.{{ .Values.global.baseDomain }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ .Release.Name }}-roundcube
                port:
                  name: http
  tls:
    - hosts:
        - webmail.{{ .Values.global.baseDomain }}
      secretName: {{ .Release.Name }}-roundcube-tls
{{- end }}