Docs
Helm-Charts
stalwart-mail

stalwart-mail

stalwart-mail

Version: 0.1.7 Type: application AppVersion: 0.12.2

Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IMAP, JMAP, SMTP)

Maintainers

NameEmailUrl
WrenIXhttps://wrenix.eu

Alpha

⚠️

Current stalwart is not stable and we are also not stable.

We have current known issues:

  • cluster setup is not fully supported (so please keep replicas=1), see more in issue for cluster
  • toml interpreter of stalwart and golang (helm) are different, so we remove all .0 in the rendering to be compatible with stalwart-toml

Usage

Helm must be installed and setup to your kubernetes cluster to use the charts. Refer to Helm’s documentation to get started. Once Helm has been set up correctly, fetch the charts as follows:

helm pull oci://codeberg.org/wrenix/helm-charts/stalwart-mail

You can install a chart release using the following command:

helm install stalwart-mail-release oci://codeberg.org/wrenix/helm-charts/stalwart-mail --values values.yaml

To uninstall a chart release use helm’s delete command:

helm uninstall stalwart-mail-release

Values

Backup

KeyTypeDefaultDescription
backup.enabledbooltrueenable a init of statefulset to create a backup on /data

DKIM

KeyTypeDefaultDescription
config.auth.dkim.signlist[{"if":"listener != 'smtp' && is_local_domain('', sender_domain)","then":"['rsa-' + sender_domain, 'ed25519-' + sender_domain]"},{"else":false}]auth rule for signing with dkim
config.auth.dkim.verifystring"relaxed"verify of dkim signature (relaxed, strict, disable)

Authentification

KeyTypeDefaultDescription
config.authentication.fallback-admin.secretstring"%{env:FALLBACK_ADMIN_SECRET}%"password for fallback authentfication (use env for store in secrets of kubernetes)
config.authentication.fallback-admin.userstring"admin"username for fallback authentfication
secrets.env.FALLBACK_ADMIN_SECRETstring"supersecret"password for fallback authentfication (env)

Monitoring

KeyTypeDefaultDescription
config.metrics.prometheus.auth.secretstring"%{env:METRICS_SECRET}%"basic auth metrics password in stalwart-mail
config.metrics.prometheus.auth.usernamestring"%{env:METRICS_USERNAME}%"basic auth metrics username in stalwart-mail
config.metrics.prometheus.enablebooltrueenable prometheus in stalwart-mail
grafana.dashboards.annotationsobject{}label of configmap
grafana.dashboards.enabledboolfalsedeploy grafana dashboard in configmap
grafana.dashboards.labelsobject{"grafana_dashboard":"1"}label of configmap
prometheus.servicemonitor.enabledboolfalsedeploy servicemonitor
prometheus.servicemonitor.labelsobject{}label of servicemonitor
secrets.env.METRICS_SECRETstring"scrape_metrics_password"basic auth metrics password in secret for stalwart-mail
secrets.env.METRICS_USERNAMEstring"scrape_metrics_user"basic auth metrics username in secret for stalwart-mail

Other Values

KeyTypeDefaultDescription
affinityobject{}
autoscaling.enabledboolfalse
autoscaling.maxReplicasint100
autoscaling.minReplicasint1
autoscaling.targetCPUUtilizationPercentageint80
certificate.certmanager.dnsNames[0]string"chart-example.local"
certificate.certmanager.enabledbooltrue
certificate.certmanager.issuerRef.groupstring"cert-manager.io"
certificate.certmanager.issuerRef.kindstring"ClusterIssuer"
certificate.certmanager.issuerRef.namestring"letsencrypt-prod"
certificate.secretNamestringnilnot needed if certmanager is used
config.certificate.default.certstring"%{file:/opt/stalwart/etc/certs/tls.crt}%"
config.certificate.default.defaultbooltrue
config.certificate.default.private-keystring"%{file:/opt/stalwart/etc/certs/tls.key}%"
config.cluster.coordinatorstring"nats"
config.cluster.node-idstring"%{env:POD_INDEX}%"
config.config.local-keys[0]string"store.*"
config.config.local-keys[10]string"storage.lookup"
config.config.local-keys[11]string"storage.fts"
config.config.local-keys[12]string"storage.directory"
config.config.local-keys[13]string"certificate.*"
config.config.local-keys[14]string"server.allowed-ip.*"
config.config.local-keys[15]string"metrics.prometheus.*"
config.config.local-keys[16]string"auth.dkim.sign.*"
config.config.local-keys[17]string"auth.dkim.verify"
config.config.local-keys[18]string"http.use-x-forwarded"
config.config.local-keys[19]string"report.domain"
config.config.local-keys[1]string"directory.*"
config.config.local-keys[2]string"tracer.*"
config.config.local-keys[3]string"!server.blocked-ip.*"
config.config.local-keys[4]string"server.*"
config.config.local-keys[5]string"authentication.fallback-admin.*"
config.config.local-keys[6]string"cluster.*"
config.config.local-keys[7]string"config.local-keys.*"
config.config.local-keys[8]string"storage.data"
config.config.local-keys[9]string"storage.blob"
config.directory.internal.storestring"rocksdb"
config.directory.internal.typestring"internal"
config.http.use-x-forwardedbooltrue
config.server.allowed-ip.“10.42.0.1/16”string""
config.server.listener.http.bind[0]string"[::]:80"
config.server.listener.http.protocolstring"http"
config.server.listener.https.bind[0]string"[::]:443"
config.server.listener.https.protocolstring"http"
config.server.listener.https.tls.implicitbooltrue
config.server.listener.imap.bind[0]string"[::]:143"
config.server.listener.imap.protocolstring"imap"
config.server.listener.imaptls.bind[0]string"[::]:993"
config.server.listener.imaptls.protocolstring"imap"
config.server.listener.imaptls.tls.implicitbooltrue
config.server.listener.pop3.bind[0]string"[::]:110"
config.server.listener.pop3.protocolstring"pop3"
config.server.listener.pop3s.bind[0]string"[::]:995"
config.server.listener.pop3s.protocolstring"pop3"
config.server.listener.pop3s.tls.implicitbooltrue
config.server.listener.sieve.bind[0]string"[::]:4190"
config.server.listener.sieve.protocolstring"managesieve"
config.server.listener.smtp.bind[0]string"[::]:25"
config.server.listener.smtp.protocolstring"smtp"
config.server.listener.submission.bind[0]string"[::]:587"
config.server.listener.submission.protocolstring"smtp"
config.server.listener.submissions.bind[0]string"[::]:465"
config.server.listener.submissions.protocolstring"smtp"
config.server.listener.submissions.tls.implicitbooltrue
config.storage.blobstring"rocksdb"
config.storage.datastring"rocksdb"
config.storage.directorystring"internal"
config.storage.ftsstring"rocksdb"
config.storage.lookupstring"rocksdb"
config.store.nats.typestring"nats"
config.store.rocksdb.compressionstring"lz4"
config.store.rocksdb.pathstring"/data"
config.store.rocksdb.typestring"rocksdb"
config.tracer.otel.enableboolfalse
config.tracer.otel.endpointstring"https://127.0.0.1/otel"
config.tracer.otel.headerslist[]headers for usage with http (e.g. ‘Authorization: <place_auth_here>’)
config.tracer.otel.levelstring"info"
config.tracer.otel.transportstring"grpc"grpc or http
config.tracer.otel.typestring"open-telemetry"
config.tracer.stdout.ansiboolfalse
config.tracer.stdout.enablebooltrue
config.tracer.stdout.levelstring"info"
config.tracer.stdout.typestring"stdout"
envlist[]
fullnameOverridestring""
global.image.pullPolicystringnilif set it will overwrite all pullPolicy
global.image.registrystringnilif set it will overwrite all registry entries
image.pullPolicystring"IfNotPresent"This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
image.registrystring"ghcr.io"image registry (could be overwritten by global.image.registry)
image.repositorystring"stalwartlabs/stalwart"image repository
image.tagstring""image tag - Overrides the image tag whose default is the chart appVersion.
imagePullSecretslist[]
ingress.annotationsobject{}
ingress.classNamestring""
ingress.enabledboolfalse
ingress.hosts[0].hoststring"chart-example.local"
ingress.hosts[0].paths[0].pathstring"/"
ingress.hosts[0].paths[0].pathTypestring"ImplementationSpecific"
ingress.tlslist[]
livenessProbe.httpGet.httpHeaders[0].namestring"X-Forwarded-For"
livenessProbe.httpGet.httpHeaders[0].valuestring"127.0.0.1"
livenessProbe.httpGet.pathstring"/healthz/live"
livenessProbe.httpGet.portstring"http"
livenessProbe.initialDelaySecondsint5
livenessProbe.periodSecondsint10
nameOverridestring""
nats.enabledbooltrue
nats.image.pullPolicystring"IfNotPresent"
nats.image.registrystring"docker.io"
nats.image.repositorystring"library/nats"
nats.image.tagstring"2.11.4-scratch"
nats.livenessProbe.tcpSocket.portstring"nats"
nats.readinessProbe.tcpSocket.portstring"nats"
nats.replicaCountint1replicas
nats.resources.limits.cpustring"100m"
nats.resources.limits.memorystring"128Mi"
nats.resources.requests.cpustring"100m"
nats.resources.requests.memorystring"128Mi"
nats.service.port.natsint4222
nodeSelectorobject{}
persistence.accessModestring"ReadWriteOnce"accessMode
persistence.annotationsobject{}
persistence.enabledbooltrueEnable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
persistence.existingClaimstringnilA manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound
persistence.hostPathstringnilDo not create an PVC, direct use hostPath in Pod
persistence.sizestring"10Gi"size
persistence.storageClassstringnilPersistent Volume Storage Class If defined, storageClassName: If set to “-”, storageClassName: “”, which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack)
podAnnotationsobject{}
podLabelsobject{}
podSecurityContextobject{}
readinessProbe.httpGet.httpHeaders[0].namestring"X-Forwarded-For"
readinessProbe.httpGet.httpHeaders[0].valuestring"127.0.0.1"
readinessProbe.httpGet.pathstring"/healthz/ready"
readinessProbe.httpGet.portstring"http"
readinessProbe.initialDelaySecondsint30
readinessProbe.periodSecondsint10
replicaCountint1replicas
resourcesobject{}
securityContextobject{}
service.annotationsobject{}
service.ipFamilies[0]string"IPv4"
service.ipFamilyPolicystring"SingleStack"other option is RequireDualStack
service.ports.httpint80
service.ports.httpsint443
service.ports.imapint143
service.ports.imaptlsint993
service.ports.pop3int110
service.ports.pop3sint995
service.ports.sieveint4190
service.ports.smtpint25
service.ports.submissionint587
service.ports.submissionsint465
service.typestring"ClusterIP"
serviceAccount.annotationsobject{}
serviceAccount.automountbooltrue
serviceAccount.createboolfalse
serviceAccount.namestring""
tolerationslist[]
traefik.enabledboolfalse
traefik.ports.https.entrypointstring"websecure"
traefik.ports.https.matchstringnil
traefik.ports.https.passthroughTLSbooltrue
traefik.ports.https.proxyProtocolbooltrue
traefik.ports.imaptls.entrypointstring"imaps"
traefik.ports.imaptls.matchstringnil
traefik.ports.imaptls.passthroughTLSbooltrue
traefik.ports.imaptls.proxyProtocolbooltrue
traefik.ports.pop3s.entrypointstring"pop3s"
traefik.ports.pop3s.matchstringnil
traefik.ports.pop3s.passthroughTLSbooltrue
traefik.ports.pop3s.proxyProtocolbooltrue
traefik.ports.sieve.entrypointstring"sieve"
traefik.ports.sieve.matchstringnil
traefik.ports.sieve.passthroughTLSbooltrue
traefik.ports.sieve.proxyProtocolbooltrue
traefik.ports.smtp.entrypointstring"smtp"
traefik.ports.smtp.matchstringnil
traefik.ports.smtp.proxyProtocolbooltrue
traefik.ports.submissions.entrypointstring"smtps"
traefik.ports.submissions.matchstringnil
traefik.ports.submissions.passthroughTLSbooltrue
traefik.ports.submissions.proxyProtocolbooltrue
updateStrategyobject{"type":"OnDelete"}updateStrategy (should be OnDelete during update with breaking changes)
volumeMountslist[]
volumeslist[]

Autogenerated from chart metadata using helm-docs

speedtest-exporter