# Default values for stalwart. # This is a YAML-formatted file. # Declare variables to be passed into your templates. global: image: # -- if set it will overwrite all registry entries registry: # -- if set it will overwrite all pullPolicy pullPolicy: replicaCount: 1 image: registry: docker.io repository: stalwartlabs/mail-server pullPolicy: IfNotPresent # -- Overrides the image tag whose default is the chart appVersion. tag: "" imagePullSecrets: [] nameOverride: "" fullnameOverride: "" config: server: listener: smtp: bind: ["[::]:25"] protocol: "smtp" submission: bind: ["[::]:587"] protocol: "smtp" submissions: bind: ["[::]:465"] protocol: "smtp" tls: implicit: true imap: bind: ["[::]:143"] protocol: "imap" imaptls: bind: ["[::]:993"] protocol: "imap" tls: implicit: true pop3: bind: ["[::]:110"] protocol: "pop3" pop3s: bind: ["[::]:995"] protocol: "pop3" tls: implicit: true sieve: bind: ["[::]:4190"] protocol: "managesieve" https: protocol: "http" bind: ["[::]:443"] tls: implicit: true storage: data: "rocksdb" fts: "rocksdb" blob: "rocksdb" lookup: "rocksdb" directory: "internal" store: rocksdb: type: rocksdb path: "/data" compression: "lz4" directory: internal: type: "internal" store: "rocksdb" tracer: otel: enable: false type: "open-telemetry" level: "info" # -- grpc or http transport: "grpc" endpoint: "" # -- headers for usage with http (e.g. 'Authorization: ') headers: [] stdout: enable: true type: "stdout" level: "info" ansi: false auth: dkim: # -- auth rule for signing with dkim # @section -- DKIM sign: - if: "listener != 'smtp'" then: "['rsa', 'ed25519']" - else: false # -- verify of dkim signature (relaxed, strict, disable) # @section -- DKIM verify: "relaxed" authentication: fallback-admin: # -- username for fallback authentfication # @section -- Authentification user: "admin" # -- password for fallback authentfication (use env for store in secrets of kubernetes) # @section -- Authentification secret: "%{env:FALLBACK_ADMIN_SECRET}%" secrets: env: # -- password for fallback authentfication (env) # @section -- Authentification FALLBACK_ADMIN_SECRET: supersecret serviceAccount: # Specifies whether a service account should be created create: false # Automatically mount a ServiceAccount's API credentials? automount: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} podLabels: {} env: [] podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 service: type: ClusterIP ipFamilies: ["IPv4"] # -- other option is RequireDualStack ipFamilyPolicy: "SingleStack" annotations: {} ports: smtp: 25 smtp-submission: 587 smtps: 465 imap: 143 imaptls: 993 pop3: 110 pop3s: 995 sieve: 4190 https: 443 ingress: enabled: false className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local traefik: enabled: false ports: smtp: match: entrypoint: smtp proxyProtocol: true smtps: match: entrypoint: smtps proxyProtocol: true passthroughTLS: true imaptls: match: entrypoint: imaps proxyProtocol: true passthroughTLS: true pop3s: match: entrypoint: pop3s proxyProtocol: true passthroughTLS: true sieve: match: entrypoint: sieve proxyProtocol: true passthroughTLS: true https: match: entrypoint: websecure proxyProtocol: true passthroughTLS: true certificate: # -- not needed if certmanager is used secretName: certmanager: enabled: true issuerRef: group: cert-manager.io kind: ClusterIssuer name: letsencrypt-prod dnsNames: - "chart-example.local" resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
#   cpu: 100m
#   memory: 128Mi
# requests:
#   cpu: 100m
#   memory: 128Mi

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

# Additional volumes on the output Deployment definition.
volumes: []
# - name: foo
#   secret:
#     secretName: mysecret
#     optional: false

# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
# - name: foo
#   mountPath: "/etc/foo"
#   readOnly: true

nodeSelector: {}

tolerations: []

affinity: {}

persistence:
  # -- Enable persistence using Persistent Volume Claims
  # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  enabled: true
  annotations: {}
  # -- Persistent Volume Storage Class
  # If defined, storageClassName: <storageClass>
  # If set to "-", storageClassName: "", which disables dynamic provisioning
  # If undefined (the default) or set to null, no storageClassName spec is
  #   set, choosing the default provisioner. (gp2 on AWS, standard on # GKE, AWS & OpenStack) storageClass: # -- A manually managed Persistent Volume and Claim # Requires persistence.enabled: true # If defined, PVC must be created manually before volume will be bound existingClaim: # -- Do not create an PVC, direct use hostPath in Pod hostPath: # -- accessMode accessMode: ReadWriteOnce # -- size size: 10Gi