mok

Version: 0.6.0 Type: application

Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that runs without a database server on Kubernetes, taking advantage of ConfigMaps and Secrets.

Maintainers

| Name | Email | Url |
| ---- | ----- | --- |
| Sheogorath |  | https://shivering-isles.com/contribute |

Source Code

Values

| Key | Type | Default | Description |
| --- | ---- | ------- | ----------- |
| domains | object | `{}` | list of configured domains and users. See values.yaml for details. |
| dovecot.affinity | object | `{}` |  |
| dovecot.image.pullPolicy | string | `"IfNotPresent"` |  |
| dovecot.image.repository | string | `"quay.io/shivering-isles/dovecot"` | dovecot container image |
| dovecot.image.tag | string | `"0.1.2"` | Overrides the image tag whose default is "latest" |
| dovecot.imagePullSecrets | list | `[]` | pull secrets to access the image defined above |
| dovecot.nodeSelector | object | `{}` |  |
| dovecot.podAnnotations | object | `{}` |  |
| dovecot.podSecurityContext | object | `{}` |  |
| dovecot.replicaCount | int | `1` | Number of Dovecot pods. Important: With the current configuration, it's not recommended to scale beyond 1. |
| dovecot.resources.limits.cpu | string | `"500m"` |  |
| dovecot.resources.limits.memory | string | `"512Mi"` |  |
| dovecot.resources.requests.cpu | string | `"100m"` |  |
| dovecot.resources.requests.memory | string | `"128Mi"` |  |
| dovecot.securityContext.allowPrivilegeEscalation | bool | `false` |  |
| dovecot.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` | required to set up chroot for dovecot, see https://wiki.dovecot.org/HowTo/Rootless |
| dovecot.securityContext.capabilities.add[1] | string | `"CHOWN"` | required to set up file structure |
| dovecot.securityContext.capabilities.add[2] | string | `"CAP_NET_BIND_SERVICE"` | required to bind privileged ports in the container, such as 993, 143, 24, etc. |
| dovecot.securityContext.capabilities.add[3] | string | `"SETUID"` | required to drop privileges with dovecot process |
| dovecot.securityContext.capabilities.add[4] | string | `"SETGID"` | required to drop privileges with dovecot process |
| dovecot.securityContext.capabilities.add[5] | string | `"FOWNER"` | required to create spool directories |
| dovecot.securityContext.capabilities.drop[0] | string | `"ALL"` | required to drop privileges by default |
| dovecot.securityContext.runAsNonRoot | bool | `false` |  |
| dovecot.service.internal.type | string | `"ClusterIP"` | type of the public endpoint for lmtp, metrics, authentication |
| dovecot.service.public.type | string | `"LoadBalancer"` | type of the public endpoint for pop3, imap, and sieve. Note: It's configured to share the IP with postfix in case of metallb |
| dovecot.tls.secretName | string | `"nil"` | secret holding the TLS keys for dovecot. Required |
| dovecot.tolerations | list | `[]` |  |
| dovecot.volumes.vmail.accessModes | list | `["ReadWriteMany"]` | Volume access mode; uses ReadWriteMany to prepare for a setup with dovecot director |
| dovecot.volumes.vmail.resources.requests.storage | string | `"5Gi"` |  |
| dovecot.volumes.vmail.volumeMode | string | `"Filesystem"` |  |
| fullnameOverride | string | `""` |  |
| nameOverride | string | `""` |  |
| networkPolicy.create | bool | `true` | Create NetworkPolicies to access the mailserver from outside |
| postfix.affinity | object | `{}` |  |
| postfix.hostname | string | `nil` | explicitly set postfix hostname |
| postfix.image.pullPolicy | string | `"IfNotPresent"` |  |
| postfix.image.repository | string | `"quay.io/shivering-isles/postfix"` | postfix container image |
| postfix.image.tag | string | `"0.2.3"` | Overrides the image tag whose default is "latest" |
| postfix.imagePullSecrets | list | `[]` |  |
| postfix.nodeSelector | object | `{}` |  |
| postfix.podAnnotations | object | `{}` |  |
| postfix.podDisruptionBudget.enabled | bool | `true` | Enable PodDisruptionBudget if replicaCount is set to > 2 |
| postfix.podSecurityContext | object | `{}` |  |
| postfix.postscreen.cidr | string | `"127.0.0.1/32"` | CIDR that is allowed to use Proxy protocol on port 10025 |
| postfix.postscreen.enabled | bool | `false` | Enable proxy protocol support |
| postfix.replicaCount | int | `1` | Number of postfix pods. |
| postfix.resources.limits.cpu | string | `"500m"` |  |
| postfix.resources.limits.memory | string | `"512Mi"` |  |
| postfix.resources.requests.cpu | string | `"100m"` |  |
| postfix.resources.requests.memory | string | `"128Mi"` |  |
| postfix.securityContext.allowPrivilegeEscalation | bool | `false` | prevent any process in the container from regaining capabilities once dropped |
| postfix.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` | required to set up chroot with postfix |
| postfix.securityContext.capabilities.add[1] | string | `"CHOWN"` | required to adjust ownership of files using supervisord |
| postfix.securityContext.capabilities.add[2] | string | `"CAP_NET_BIND_SERVICE"` | required to bind privileged ports like 25, 465, 587 |
| postfix.securityContext.capabilities.add[3] | string | `"SETUID"` | required to change user id as supervisord as well as postfix |
| postfix.securityContext.capabilities.add[4] | string | `"SETGID"` | required to change group id as supervisord as well as postfix |
| postfix.securityContext.capabilities.add[5] | string | `"FOWNER"` | required to set up the chroot directory on startup |
| postfix.securityContext.capabilities.add[6] | string | `"DAC_OVERRIDE"` | required to set up TLS and the like |
| postfix.securityContext.capabilities.drop[0] | string | `"ALL"` | getting rid of all capabilities since we already have too many |
| postfix.securityContext.runAsNonRoot | bool | `false` |  |
| postfix.service.public.type | string | `"LoadBalancer"` | type of the public endpoint for smtp, submission, and submissions. Note: It's configured to share the IP with dovecot in case of metallb |
| postfix.tls.secretName | string | `"nil"` | secret holding the TLS keys for postfix. Required |
| postfix.tolerations | list | `[]` |  |
| postfix.volumes.spool.accessModes[0] | string | `"ReadWriteOnce"` |  |
| postfix.volumes.spool.resources.requests.storage | string | `"1Gi"` |  |
| relay.relayHosts | object | `{}` | relay hosts used as part of the deployment |
| relay.saslPasswords | object | `{}` | passwords for the relay hosts |
| relay.tlsPolicies | string | `""` | TLS policy in postfix, see https://www.postfix.org/TLS_README.html#client_tls_policy |
| serviceAccount.annotations | object | `{}` |  |
| serviceAccount.create | bool | `true` |  |
| serviceAccount.name | string | `""` |  |
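
The following is an added example, not part of the chart or its generated documentation: a Python check that compares a container securityContext (already parsed into a dict, for instance from a rendered manifest) with the capability defaults listed in the table above, so that overrides granting more than the documented set are flagged. The function names and both sample dicts are constructed for illustration.

```python
# Allowlists taken from the default capabilities.add entries in the Values
# table, stored without the CAP_ prefix so both spellings compare equal.
DOCUMENTED = {
    "dovecot": {"SYS_CHROOT", "CHOWN", "NET_BIND_SERVICE",
                "SETUID", "SETGID", "FOWNER"},
    "postfix": {"SYS_CHROOT", "CHOWN", "NET_BIND_SERVICE",
                "SETUID", "SETGID", "FOWNER", "DAC_OVERRIDE"},
}

def normalize(cap):
    """Upper-case and strip a leading CAP_ (the table lists CAP_NET_BIND_SERVICE)."""
    cap = cap.strip().upper()
    return cap[4:] if cap.startswith("CAP_") else cap

def audit(component, ctx):
    """Return findings for one container securityContext dict, in check order."""
    findings = []
    caps = ctx.get("capabilities") or {}
    added = {normalize(c) for c in caps.get("add") or []}
    dropped = {normalize(c) for c in caps.get("drop") or []}
    if "ALL" not in dropped:
        findings.append("capabilities.drop does not contain ALL")
    for cap in sorted(added - DOCUMENTED[component]):
        findings.append(f"undocumented capability added: {cap}")
    if ctx.get("allowPrivilegeEscalation") is not False:
        findings.append("allowPrivilegeEscalation is not false")
    if ctx.get("privileged"):
        findings.append("container is privileged")
    return findings

# Constructed sample 1: the postfix defaults exactly as listed in the table.
DEFAULT_POSTFIX = {
    "allowPrivilegeEscalation": False,
    "runAsNonRoot": False,
    "capabilities": {
        "add": ["SYS_CHROOT", "CHOWN", "CAP_NET_BIND_SERVICE", "SETUID",
                "SETGID", "FOWNER", "DAC_OVERRIDE"],
        "drop": ["ALL"],
    },
}

# Constructed sample 2: a drifted dovecot override (not a chart default).
DRIFTED_DOVECOT = {
    "allowPrivilegeEscalation": True,
    "capabilities": {"add": ["CAP_NET_BIND_SERVICE", "NET_ADMIN", "DAC_OVERRIDE"],
                     "drop": []},
}

if __name__ == "__main__":
    for name, ctx in (("postfix", DEFAULT_POSTFIX), ("dovecot", DRIFTED_DOVECOT)):
        print(name, audit(name, ctx) or "matches documented defaults")
```

DAC_OVERRIDE is reported for dovecot because the table documents it for postfix only.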

Autogenerated from chart metadata using helm-docs v1.11.0