11 KiB
11 KiB
| title | description |
|---|---|
| stalwart-mail | Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IMAP, JMAP, SMTP) |
stalwart-mail
Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IMAP, JMAP, SMTP)
Maintainers
| Name | Url | |
|---|---|---|
| WrenIX | https://wrenix.eu |
= Alpha
WARNING
We stop working on this Helm-Chart. There are still many breaking change like:
- https://github.com/stalwartlabs/mail-server/issues/211[storage.fts in toml configuration has two meanings]
We hope that stalward mail-server becomes more stable.
====
Usage
Helm must be installed and setup to your kubernetes cluster to use the charts. Refer to Helm's documentation to get started. Once Helm has been set up correctly, fetch the charts as follows:
helm pull oci://codeberg.org/wrenix/helm-charts/stalwart-mail
You can install a chart release using the following command:
helm install stalwart-mail-release oci://codeberg.org/wrenix/helm-charts/stalwart-mail --values values.yaml
To uninstall a chart release use helm's delete command:
helm uninstall stalwart-mail-release
Values
DKIM
| Key | Type | Default | Description |
|---|---|---|---|
| config.auth.dkim.sign | list | [{"if":"listener != 'smtp'","then":"['rsa', 'ed25519']"},{"else":false}] |
auth rule for signing with dkim |
| config.auth.dkim.verify | string | "relaxed" |
verify of dkim signature (relaxed, strict, disable) |
Authentification
| Key | Type | Default | Description |
|---|---|---|---|
| config.authentication.fallback-admin.secret | string | "%{env:FALLBACK_ADMIN_SECRET}%" |
password for fallback authentfication (use env for store in secrets of kubernetes) |
| config.authentication.fallback-admin.user | string | "admin" |
username for fallback authentfication |
| secrets.env.FALLBACK_ADMIN_SECRET | string | "supersecret" |
password for fallback authentfication (env) |
Other Values
| Key | Type | Default | Description |
|---|---|---|---|
| affinity | object | {} |
|
| autoscaling.enabled | bool | false |
|
| autoscaling.maxReplicas | int | 100 |
|
| autoscaling.minReplicas | int | 1 |
|
| autoscaling.targetCPUUtilizationPercentage | int | 80 |
|
| certificate.certmanager.dnsNames[0] | string | "chart-example.local" |
|
| certificate.certmanager.enabled | bool | true |
|
| certificate.certmanager.issuerRef.group | string | "cert-manager.io" |
|
| certificate.certmanager.issuerRef.kind | string | "ClusterIssuer" |
|
| certificate.certmanager.issuerRef.name | string | "letsencrypt-prod" |
|
| certificate.secretName | string | nil |
not needed if certmanager is used |
| config.directory.internal.store | string | "rocksdb" |
|
| config.directory.internal.type | string | "internal" |
|
| config.metrics.prometheus.auth.secret | string | "%{env:METRICS_SECRET}%" |
|
| config.metrics.prometheus.auth.username | string | "%{env:METRICS_USERNAME}%" |
|
| config.metrics.prometheus.enable | bool | true |
|
| config.server.allowed-ip."10.42.0.1/16" | string | "" |
|
| config.server.listener.http.bind[0] | string | "[::]:80" |
|
| config.server.listener.http.protocol | string | "http" |
|
| config.server.listener.https.bind[0] | string | "[::]:443" |
|
| config.server.listener.https.protocol | string | "http" |
|
| config.server.listener.https.tls.implicit | bool | true |
|
| config.server.listener.imap.bind[0] | string | "[::]:143" |
|
| config.server.listener.imap.protocol | string | "imap" |
|
| config.server.listener.imaptls.bind[0] | string | "[::]:993" |
|
| config.server.listener.imaptls.protocol | string | "imap" |
|
| config.server.listener.imaptls.tls.implicit | bool | true |
|
| config.server.listener.pop3.bind[0] | string | "[::]:110" |
|
| config.server.listener.pop3.protocol | string | "pop3" |
|
| config.server.listener.pop3s.bind[0] | string | "[::]:995" |
|
| config.server.listener.pop3s.protocol | string | "pop3" |
|
| config.server.listener.pop3s.tls.implicit | bool | true |
|
| config.server.listener.sieve.bind[0] | string | "[::]:4190" |
|
| config.server.listener.sieve.protocol | string | "managesieve" |
|
| config.server.listener.smtp.bind[0] | string | "[::]:25" |
|
| config.server.listener.smtp.protocol | string | "smtp" |
|
| config.server.listener.submission.bind[0] | string | "[::]:587" |
|
| config.server.listener.submission.protocol | string | "smtp" |
|
| config.server.listener.submissions.bind[0] | string | "[::]:465" |
|
| config.server.listener.submissions.protocol | string | "smtp" |
|
| config.server.listener.submissions.tls.implicit | bool | true |
|
| config.storage.blob | string | "rocksdb" |
|
| config.storage.data | string | "rocksdb" |
|
| config.storage.directory | string | "internal" |
|
| config.storage.fts | string | "rocksdb" |
|
| config.storage.lookup | string | "rocksdb" |
|
| config.store.rocksdb.compression | string | "lz4" |
|
| config.store.rocksdb.path | string | "/data" |
|
| config.store.rocksdb.type | string | "rocksdb" |
|
| config.tracer.otel.enable | bool | false |
|
| config.tracer.otel.endpoint | string | "https://127.0.0.1/otel" |
|
| config.tracer.otel.headers | list | [] |
headers for usage with http (e.g. 'Authorization: <place_auth_here>') |
| config.tracer.otel.level | string | "info" |
|
| config.tracer.otel.transport | string | "grpc" |
grpc or http |
| config.tracer.otel.type | string | "open-telemetry" |
|
| config.tracer.stdout.ansi | bool | false |
|
| config.tracer.stdout.enable | bool | true |
|
| config.tracer.stdout.level | string | "info" |
|
| config.tracer.stdout.type | string | "stdout" |
|
| env | list | [] |
|
| fullnameOverride | string | "" |
|
| global.image.pullPolicy | string | nil |
if set it will overwrite all pullPolicy |
| global.image.registry | string | nil |
if set it will overwrite all registry entries |
| image.pullPolicy | string | "IfNotPresent" |
This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
| image.registry | string | "docker.io" |
image registry (could be overwritten by global.image.registry) |
| image.repository | string | "stalwartlabs/mail-server" |
image repository |
| image.tag | string | "" |
image tag - Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | [] |
|
| ingress.annotations | object | {} |
|
| ingress.className | string | "" |
|
| ingress.enabled | bool | false |
|
| ingress.hosts[0].host | string | "chart-example.local" |
|
| ingress.hosts[0].paths[0].path | string | "/" |
|
| ingress.hosts[0].paths[0].pathType | string | "ImplementationSpecific" |
|
| ingress.tls | list | [] |
|
| livenessProbe.httpGet.path | string | "/healthz/live" |
|
| livenessProbe.httpGet.port | string | "http" |
|
| nameOverride | string | "" |
|
| nodeSelector | object | {} |
|
| persistence.accessMode | string | "ReadWriteOnce" |
accessMode |
| persistence.annotations | object | {} |
|
| persistence.enabled | bool | true |
Enable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ |
| persistence.existingClaim | string | nil |
A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound |
| persistence.hostPath | string | nil |
Do not create an PVC, direct use hostPath in Pod |
| persistence.size | string | "10Gi" |
size |
| persistence.storageClass | string | nil |
Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) |
| podAnnotations | object | {} |
|
| podLabels | object | {} |
|
| podSecurityContext | object | {} |
|
| prometheus.servicemonitor.enabled | bool | false |
|
| prometheus.servicemonitor.labels | object | {} |
|
| readinessProbe.httpGet.path | string | "/healthz/ready" |
|
| readinessProbe.httpGet.port | string | "http" |
|
| replicaCount | int | 1 |
replicas |
| resources | object | {} |
|
| secrets.env.METRICS_SECRET | string | "scrape_metrics_password" |
|
| secrets.env.METRICS_USERNAME | string | "scrape_metrics_user" |
|
| securityContext | object | {} |
|
| service.annotations | object | {} |
|
| service.ipFamilies[0] | string | "IPv4" |
|
| service.ipFamilyPolicy | string | "SingleStack" |
other option is RequireDualStack |
| service.ports.http | int | 80 |
|
| service.ports.https | int | 443 |
|
| service.ports.imap | int | 143 |
|
| service.ports.imaptls | int | 993 |
|
| service.ports.pop3 | int | 110 |
|
| service.ports.pop3s | int | 995 |
|
| service.ports.sieve | int | 4190 |
|
| service.ports.smtp | int | 25 |
|
| service.ports.submission | int | 587 |
|
| service.ports.submissions | int | 465 |
|
| service.type | string | "ClusterIP" |
|
| serviceAccount.annotations | object | {} |
|
| serviceAccount.automount | bool | true |
|
| serviceAccount.create | bool | false |
|
| serviceAccount.name | string | "" |
|
| tolerations | list | [] |
|
| traefik.enabled | bool | false |
|
| traefik.ports.https.entrypoint | string | "websecure" |
|
| traefik.ports.https.match | string | nil |
|
| traefik.ports.https.passthroughTLS | bool | true |
|
| traefik.ports.https.proxyProtocol | bool | true |
|
| traefik.ports.imaptls.entrypoint | string | "imaps" |
|
| traefik.ports.imaptls.match | string | nil |
|
| traefik.ports.imaptls.passthroughTLS | bool | true |
|
| traefik.ports.imaptls.proxyProtocol | bool | true |
|
| traefik.ports.pop3s.entrypoint | string | "pop3s" |
|
| traefik.ports.pop3s.match | string | nil |
|
| traefik.ports.pop3s.passthroughTLS | bool | true |
|
| traefik.ports.pop3s.proxyProtocol | bool | true |
|
| traefik.ports.sieve.entrypoint | string | "sieve" |
|
| traefik.ports.sieve.match | string | nil |
|
| traefik.ports.sieve.passthroughTLS | bool | true |
|
| traefik.ports.sieve.proxyProtocol | bool | true |
|
| traefik.ports.smtp.entrypoint | string | "smtp" |
|
| traefik.ports.smtp.match | string | nil |
|
| traefik.ports.smtp.proxyProtocol | bool | true |
|
| traefik.ports.submissions.entrypoint | string | "smtps" |
|
| traefik.ports.submissions.match | string | nil |
|
| traefik.ports.submissions.passthroughTLS | bool | true |
|
| traefik.ports.submissions.proxyProtocol | bool | true |
|
| volumeMounts | list | [] |
|
| volumes | list | [] |
Autogenerated from chart metadata using helm-docs