Mailu
diff --git a/‎.github/workflows/lint-and-test.yaml‎
Lines changed: 5 additions & 0 deletions b/‎.github/workflows/lint-and-test.yaml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎charts/mailu/README.md‎
Lines changed: 16 additions & 1 deletion b/‎charts/mailu/README.md‎
Lines changed: 16 additions & 1 deletion
diff --git a/‎charts/mailu/ci/helm-lint-values.yaml‎
Lines changed: 86 additions & 0 deletions b/‎charts/mailu/ci/helm-lint-values.yaml‎
Lines changed: 86 additions & 0 deletions
diff --git a/‎charts/mailu/templates/NOTES.txt‎
Lines changed: 2 additions & 0 deletions b/‎charts/mailu/templates/NOTES.txt‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎charts/mailu/templates/_helpers.tpl‎
Lines changed: 9 additions & 0 deletions b/‎charts/mailu/templates/_helpers.tpl‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎charts/mailu/templates/dovecot/deployment.yaml‎
Lines changed: 5 additions & 0 deletions b/‎charts/mailu/templates/dovecot/deployment.yaml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎charts/mailu/templates/dovecot/service.yaml‎
Lines changed: 5 additions & 0 deletions b/‎charts/mailu/templates/dovecot/service.yaml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎charts/mailu/templates/dovecot/servicemonitor.yaml‎
Lines changed: 34 additions & 0 deletions b/‎charts/mailu/templates/dovecot/servicemonitor.yaml‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎charts/mailu/templates/network-policies.yaml‎
Lines changed: 0 additions & 166 deletions b/‎charts/mailu/templates/network-policies.yaml‎
Lines changed: 0 additions & 166 deletions
@@ -72,6 +72,11 @@ jobs:
           kubectl -n kube-system rollout restart deployment coredns
           kubectl -n kube-system rollout status deployment coredns --timeout=120s
 
+      - name: Install Prometheus CRDs (required for serviceMonitors)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: |
+          kubectl create -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/main/bundle.yaml
+
       - name: Run chart-testing (install)
         id: install
         if: steps.list-changed.outputs.changed == 'true'
 
@@ -166,6 +166,11 @@ Check that the deployed pods are all running.
   app.kubernetes.io/instance: ingress-nginx
   app.kubernetes.io/component: controller
 ` |
+| `networkPolicy.monitoring.namespace`          | Namespace where the monitoring pods are deployed                                                                                       | `monitoring`                                                                                                                                  |
+| `networkPolicy.monitoring.podSelector`        | Selector for the monitoring pods                                                                                                       | `matchLabels:
+  app.kubernetes.io/name: prometheus-agent
+  app.kubernetes.io/instance: kps
+`                                                  |
 | `mailuVersion`                                | Override Mailu version to be deployed (tag of mailu images). Defaults to `Chart.AppVersion` - must be master or a version >= 2.0       | `""`                                                                                                                                          |
 | `logLevel`                                    | default log level. can be overridden globally or per service                                                                           | `WARNING`                                                                                                                                     |
 | `postmaster`                                  | local part of the postmaster email address (Mailu will use @$DOMAIN as domain part)                                                    | `postmaster`                                                                                                                                  |
@@ -583,6 +588,11 @@ Check that the deployed pods are all running.
 | `dovecot.hostAliases`                           | Pod pod host aliases                                                                  | `[]`                |
 | `dovecot.schedulerName`                         | Name of the k8s scheduler (other than default)                                        | `""`                |
 | `dovecot.service.annotations`                   | Admin service annotations                                                             | `{}`                |
+| `dovecot.serviceMonitor.enabled`                | If true, a serviceMonitor will be created for Dovecot                                 | `false`             |
+| `dovecot.serviceMonitor.annotations`            | Dovecot serviceMonitor annotations                                                    | `{}`                |
+| `dovecot.serviceMonitor.interval`               | Dovecot serviceMonitor scrape interval                                                | `""`                |
+| `dovecot.serviceMonitor.metricRelabelings`      | MetricRelabelConfigs to apply to samples after scraping, but before ingestion.        | `[]`                |
+| `dovecot.serviceMonitor.relabelings`            | RelabelConfigs to apply to samples before scraping                                    | `[]`                |
 | `dovecot.topologySpreadConstraints`             | Topology Spread Constraints for pod assignment                                        | `[]`                |
 | `dovecot.updateStrategy.type`                   | Can be set to RollingUpdate or OnDelete                                               | `RollingUpdate`     |
 | `dovecot.extraEnvVars`                          | Extra environment variable to pass to the running container                           | `[]`                |
@@ -647,7 +657,12 @@ Check that the deployed pods are all running.
 | `rspamd.revisionHistoryLimit`                  | Configure the revisionHistoryLimit of the deployment                                  | `3`                 |
 | `rspamd.hostAliases`                           | Pod pod host aliases                                                                  | `[]`                |
 | `rspamd.schedulerName`                         | Name of the k8s scheduler (other than default)                                        | `""`                |
-| `rspamd.service.annotations`                   | Admin service annotations                                                             | `{}`                |
+| `rspamd.service.annotations`                   | Rspamd service annotations                                                            | `{}`                |
+| `rspamd.serviceMonitor.enabled`                | If true, a serviceMonitor will be created for Rspamd                                  | `false`             |
+| `rspamd.serviceMonitor.annotations`            | Rspamd serviceMonitor annotations                                                     | `{}`                |
+| `rspamd.serviceMonitor.interval`               | Rspamd serviceMonitor scrape interval                                                 | `""`                |
+| `rspamd.serviceMonitor.metricRelabelings`      | MetricRelabelConfigs to apply to samples after scraping, but before ingestion.        | `[]`                |
+| `rspamd.serviceMonitor.relabelings`            | RelabelConfigs to apply to samples before scraping                                    | `[]`                |
 | `rspamd.topologySpreadConstraints`             | Topology Spread Constraints for pod assignment                                        | `[]`                |
 | `rspamd.updateStrategy.type`                   | Can be set to RollingUpdate or OnDelete                                               | `RollingUpdate`     |
 | `rspamd.extraEnvVars`                          | Extra environment variable to pass to the running container                           | `[]`                |
 
@@ -106,6 +106,77 @@ dovecot:
     limits:
       memory: 1Gi
       cpu: 2
+  serviceMonitor:
+    enabled: true
+    interval: 30s
+    # Random relabellings to test behavior
+    metricRelabelings:
+      - action: keep
+        regex: "kube_(daemonset|deployment|pod|namespace|node|statefulset).+"
+        sourceLabels: [__name__]
+    relabelings:
+      - sourceLabels: [__meta_kubernetes_pod_node_name]
+        separator: ;
+        regex: ^(.*)$
+        targetLabel: nodename
+        replacement: $1
+        action: replace
+  overrides:
+    dovecot.conf: |
+      ##
+      ## Statistics and metrics
+      ##
+
+      # Dovecot supports gathering statistics from events.
+      # Currently there are no statistics logged by default, and therefore they must
+      # be explicitly added using the metric configuration blocks.
+      #
+      # Unlike old stats, the new statistics do not require any plugins loaded.
+      #
+      # See https://doc.dovecot.org/2.3/configuration_manual/stats/ for more details.
+
+      ##
+      ## Example metrics
+      ##
+
+      metric auth_success {
+        filter = event=auth_request_finished AND success=yes
+      }
+
+      metric auth_failures {
+        filter = event=auth_request_finished AND NOT success=yes
+      }
+
+      metric imap_command {
+        filter = event=imap_command_finished
+        group_by = cmd_name tagged_reply_state
+      }
+
+      metric smtp_command {
+        filter = event=smtp_server_command_finished
+        group_by = cmd_name status_code duration:exponential:1:5:10
+      }
+
+      metric mail_delivery {
+        filter = event=mail_delivery_finished
+        group_by = duration:exponential:1:5:10
+      }
+
+      ##
+      ## Prometheus
+      ##
+
+      # To allow access to statistics with Prometheus, enable http listener
+      # on stats process. Stats will be available on /metrics path.
+      #
+      # See https://doc.dovecot.org/2.3/configuration_manual/stats/openmetrics/ for more
+      # details.
+
+      service stats {
+        inet_listener http {
+          port = 9900
+        }
+      }
 
 rspamd:
   logLevel: INFO
@@ -118,6 +189,21 @@ rspamd:
     limits:
       memory: 1Gi
       cpu: 2
+  serviceMonitor:
+    enabled: true
+    interval: 30s
+    # Random relabellings to test behavior
+    metricRelabelings:
+      - action: keep
+        regex: "kube_(daemonset|deployment|pod|namespace|node|statefulset).+"
+        sourceLabels: [__name__]
+    relabelings:
+      - sourceLabels: [__meta_kubernetes_pod_node_name]
+        separator: ;
+        regex: ^(.*)$
+        targetLabel: nodename
+        replacement: $1
+        action: replace
 
 clamav:
   logLevel: INFO
 
@@ -36,3 +36,5 @@ After you created an initial admin login (see docs), you can login to the admin
 If you're upgrading from Mailu < 2024.06, please read this: https://mailu.io/2024.06/releases.html#after-upgrading
 
 {{ include "mailu.validateValues" . }}
+
+{{ include "mailu.dovecot.validateServiceMonitor" . }}
@@ -208,3 +208,12 @@ mailu: tika
     {{- print "off" -}}
 {{- end -}}
 {{- end -}}
+
+
+{{/* If .Values.dovecot.serviceMonitor.enabled is true and .Values.dovecot.overrides is an empty object, throw an alert message as it would not work */}}
+{{- define "mailu.dovecot.validateServiceMonitor" -}}
+{{- if and .Values.dovecot.serviceMonitor.enabled (eq (len .Values.dovecot.overrides) 0) -}}
+mailu: dovecot
+    You need to set at least one override for Dovecot's service monitor
+{{- end -}}
+{{- end -}}
@@ -119,6 +119,11 @@ spec:
             - name: sieve
               containerPort: 4190
               protocol: TCP
+            {{- if .Values.dovecot.serviceMonitor.enabled }}
+            - name: dovecot-metrics
+              containerPort: 9900
+              protocol: TCP
+            {{- end }}
           {{- if .Values.dovecot.resources }}
           resources: {{- toYaml .Values.dovecot.resources | nindent 12 }}
           {{- end }}
 
@@ -32,4 +32,9 @@ spec:
     - name: sieve
       port: 4190
       protocol: TCP
+    {{- if .Values.dovecot.serviceMonitor.enabled }}
+    - name: dovecot-metrics
+      port: 9900
+      protocol: TCP
+    {{- end }}
 {{- end }}
@@ -0,0 +1,34 @@
+{{- if and .Values.dovecot.enabled .Values.dovecot.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "mailu.dovecot.serviceName" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: dovecot
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.dovecot.serviceMonitor.annotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.dovecot.serviceMonitor.annotations "context" $) | nindent 4 }}
+  {{- end }}
+spec:
+  selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+    app.kubernetes.io/component: dovecot
+  namespaceSelector:
+    matchNames:
+      - {{ include "common.names.namespace" . | quote }}
+  endpoints:
+    - port: dovecot-metrics
+      path: /metrics
+      scheme: http
+      {{- if .Values.dovecot.serviceMonitor.interval }}
+      interval: {{ .Values.dovecot.serviceMonitor.interval }}
+      {{- end }}
+      {{- if .Values.dovecot.serviceMonitor.relabelings }}
+      relabelings: {{- tpl (toYaml .Values.dovecot.serviceMonitor.relabelings | nindent 6) . }}
+      {{- end }}
+      {{- if .Values.dovecot.serviceMonitor.metricRelabelings }}
+      metricRelabelings: {{- tpl (toYaml .Values.dovecot.serviceMonitor.metricRelabelings | nindent 6) . }}
+      {{- end }}
+{{- end }}