stalwart-mail
stalwart-mail
Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IMAP, JMAP, SMTP)
Maintainers
| Name | Url | |
|---|---|---|
| WrenIX | https://wrenix.eu |
= Alpha
WARNING
We stop working on this Helm-Chart. There are still many breaking change like:
- https://github.com/stalwartlabs/mail-server/issues/211[storage.fts in toml configuration has two meanings]
We hope that stalward mail-server becomes more stable.
====
Usage
Helm must be installed and setup to your kubernetes cluster to use the charts. Refer to Helm’s documentation to get started. Once Helm has been set up correctly, fetch the charts as follows:
helm pull oci://codeberg.org/wrenix/helm-charts/stalwart-mailYou can install a chart release using the following command:
helm install stalwart-mail-release oci://codeberg.org/wrenix/helm-charts/stalwart-mail --values values.yamlTo uninstall a chart release use helm’s delete command:
helm uninstall stalwart-mail-releaseValues
DKIM
| Key | Type | Default | Description |
|---|---|---|---|
| config.auth.dkim.sign | list | [{"if":"listener != 'smtp'","then":"['rsa', 'ed25519']"},{"else":false}] | auth rule for signing with dkim |
| config.auth.dkim.verify | string | "relaxed" | verify of dkim signature (relaxed, strict, disable) |
Authentification
| Key | Type | Default | Description |
|---|---|---|---|
| config.authentication.fallback-admin.secret | string | "%{env:FALLBACK_ADMIN_SECRET}%" | password for fallback authentfication (use env for store in secrets of kubernetes) |
| config.authentication.fallback-admin.user | string | "admin" | username for fallback authentfication |
| secrets.env.FALLBACK_ADMIN_SECRET | string | "supersecret" | password for fallback authentfication (env) |
Other Values
| Key | Type | Default | Description |
|---|---|---|---|
| affinity | object | {} | |
| autoscaling.enabled | bool | false | |
| autoscaling.maxReplicas | int | 100 | |
| autoscaling.minReplicas | int | 1 | |
| autoscaling.targetCPUUtilizationPercentage | int | 80 | |
| certificate.certmanager.dnsNames[0] | string | "chart-example.local" | |
| certificate.certmanager.enabled | bool | true | |
| certificate.certmanager.issuerRef.group | string | "cert-manager.io" | |
| certificate.certmanager.issuerRef.kind | string | "ClusterIssuer" | |
| certificate.certmanager.issuerRef.name | string | "letsencrypt-prod" | |
| certificate.secretName | string | nil | not needed if certmanager is used |
| config.directory.internal.store | string | "rocksdb" | |
| config.directory.internal.type | string | "internal" | |
| config.metrics.prometheus.auth.secret | string | "%{env:METRICS_SECRET}%" | |
| config.metrics.prometheus.auth.username | string | "%{env:METRICS_USERNAME}%" | |
| config.metrics.prometheus.enable | bool | true | |
| config.server.listener.http.bind[0] | string | "[::]:80" | |
| config.server.listener.http.protocol | string | "http" | |
| config.server.listener.https.bind[0] | string | "[::]:443" | |
| config.server.listener.https.protocol | string | "http" | |
| config.server.listener.https.tls.implicit | bool | true | |
| config.server.listener.imap.bind[0] | string | "[::]:143" | |
| config.server.listener.imap.protocol | string | "imap" | |
| config.server.listener.imaptls.bind[0] | string | "[::]:993" | |
| config.server.listener.imaptls.protocol | string | "imap" | |
| config.server.listener.imaptls.tls.implicit | bool | true | |
| config.server.listener.pop3.bind[0] | string | "[::]:110" | |
| config.server.listener.pop3.protocol | string | "pop3" | |
| config.server.listener.pop3s.bind[0] | string | "[::]:995" | |
| config.server.listener.pop3s.protocol | string | "pop3" | |
| config.server.listener.pop3s.tls.implicit | bool | true | |
| config.server.listener.sieve.bind[0] | string | "[::]:4190" | |
| config.server.listener.sieve.protocol | string | "managesieve" | |
| config.server.listener.smtp.bind[0] | string | "[::]:25" | |
| config.server.listener.smtp.protocol | string | "smtp" | |
| config.server.listener.submission.bind[0] | string | "[::]:587" | |
| config.server.listener.submission.protocol | string | "smtp" | |
| config.server.listener.submissions.bind[0] | string | "[::]:465" | |
| config.server.listener.submissions.protocol | string | "smtp" | |
| config.server.listener.submissions.tls.implicit | bool | true | |
| config.storage.blob | string | "rocksdb" | |
| config.storage.data | string | "rocksdb" | |
| config.storage.directory | string | "internal" | |
| config.storage.fts | string | "rocksdb" | |
| config.storage.lookup | string | "rocksdb" | |
| config.store.rocksdb.compression | string | "lz4" | |
| config.store.rocksdb.path | string | "/data" | |
| config.store.rocksdb.type | string | "rocksdb" | |
| config.tracer.otel.enable | bool | false | |
| config.tracer.otel.endpoint | string | "https://127.0.0.1/otel" | |
| config.tracer.otel.headers | list | [] | headers for usage with http (e.g. ‘Authorization: <place_auth_here>’) |
| config.tracer.otel.level | string | "info" | |
| config.tracer.otel.transport | string | "grpc" | grpc or http |
| config.tracer.otel.type | string | "open-telemetry" | |
| config.tracer.stdout.ansi | bool | false | |
| config.tracer.stdout.enable | bool | true | |
| config.tracer.stdout.level | string | "info" | |
| config.tracer.stdout.type | string | "stdout" | |
| env | list | [] | |
| fullnameOverride | string | "" | |
| global.image.pullPolicy | string | nil | if set it will overwrite all pullPolicy |
| global.image.registry | string | nil | if set it will overwrite all registry entries |
| image.pullPolicy | string | "IfNotPresent" | |
| image.registry | string | "docker.io" | |
| image.repository | string | "stalwartlabs/mail-server" | |
| image.tag | string | "" | Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | [] | |
| ingress.annotations | object | {} | |
| ingress.className | string | "" | |
| ingress.enabled | bool | false | |
| ingress.hosts[0].host | string | "chart-example.local" | |
| ingress.hosts[0].paths[0].path | string | "/" | |
| ingress.hosts[0].paths[0].pathType | string | "ImplementationSpecific" | |
| ingress.tls | list | [] | |
| livenessProbe.httpGet.path | string | "/healthz/live" | |
| livenessProbe.httpGet.port | string | "http" | |
| nameOverride | string | "" | |
| nodeSelector | object | {} | |
| persistence.accessMode | string | "ReadWriteOnce" | accessMode |
| persistence.annotations | object | {} | |
| persistence.enabled | bool | true | Enable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ |
| persistence.existingClaim | string | nil | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound |
| persistence.hostPath | string | nil | Do not create an PVC, direct use hostPath in Pod |
| persistence.size | string | "10Gi" | size |
| persistence.storageClass | string | nil | Persistent Volume Storage Class If defined, storageClassName: |
| podAnnotations | object | {} | |
| podLabels | object | {} | |
| podSecurityContext | object | {} | |
| prometheus.servicemonitor.enabled | bool | false | |
| prometheus.servicemonitor.labels | object | {} | |
| readinessProbe.httpGet.path | string | "/healthz/ready" | |
| readinessProbe.httpGet.port | string | "http" | |
| replicaCount | int | 1 | |
| resources | object | {} | |
| secrets.env.METRICS_SECRET | string | "scrape_metrics_password" | |
| secrets.env.METRICS_USERNAME | string | "scrape_metrics_user" | |
| securityContext | object | {} | |
| service.annotations | object | {} | |
| service.ipFamilies[0] | string | "IPv4" | |
| service.ipFamilyPolicy | string | "SingleStack" | other option is RequireDualStack |
| service.ports.http | int | 80 | |
| service.ports.https | int | 443 | |
| service.ports.imap | int | 143 | |
| service.ports.imaptls | int | 993 | |
| service.ports.pop3 | int | 110 | |
| service.ports.pop3s | int | 995 | |
| service.ports.sieve | int | 4190 | |
| service.ports.smtp | int | 25 | |
| service.ports.submission | int | 587 | |
| service.ports.submissions | int | 465 | |
| service.type | string | "ClusterIP" | |
| serviceAccount.annotations | object | {} | |
| serviceAccount.automount | bool | true | |
| serviceAccount.create | bool | false | |
| serviceAccount.name | string | "" | |
| tolerations | list | [] | |
| traefik.enabled | bool | false | |
| traefik.ports.https.entrypoint | string | "websecure" | |
| traefik.ports.https.match | string | nil | |
| traefik.ports.https.passthroughTLS | bool | true | |
| traefik.ports.https.proxyProtocol | bool | true | |
| traefik.ports.imaptls.entrypoint | string | "imaps" | |
| traefik.ports.imaptls.match | string | nil | |
| traefik.ports.imaptls.passthroughTLS | bool | true | |
| traefik.ports.imaptls.proxyProtocol | bool | true | |
| traefik.ports.pop3s.entrypoint | string | "pop3s" | |
| traefik.ports.pop3s.match | string | nil | |
| traefik.ports.pop3s.passthroughTLS | bool | true | |
| traefik.ports.pop3s.proxyProtocol | bool | true | |
| traefik.ports.sieve.entrypoint | string | "sieve" | |
| traefik.ports.sieve.match | string | nil | |
| traefik.ports.sieve.passthroughTLS | bool | true | |
| traefik.ports.sieve.proxyProtocol | bool | true | |
| traefik.ports.smtp.entrypoint | string | "smtp" | |
| traefik.ports.smtp.match | string | nil | |
| traefik.ports.smtp.proxyProtocol | bool | true | |
| traefik.ports.submissions.entrypoint | string | "smtps" | |
| traefik.ports.submissions.match | string | nil | |
| traefik.ports.submissions.passthroughTLS | bool | true | |
| traefik.ports.submissions.proxyProtocol | bool | true | |
| volumeMounts | list | [] | |
| volumes | list | [] |
Autogenerated from chart metadata using helm-docs