Sheogorath authored
This patch fixes the absence of persistence for sieve rules, due to being laid out in parallel to the `/srv/mail/mailbox` directory in the dovecot container. By moving the mountpoint to `/var/mail` the sieve rules should be persisted along the way with the mailboxes. BREAKING CHANGE: This patch adjusts the mount location for mail data, which will require manual interaction.
README.md 6.86 KiB
mok
Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that runs without a database server on Kubernetes, taking advantage of configmaps and secrets.
Maintainers
Name | Url |
---|---|
Sheogorath | https://shivering-isles.com/contribute |
Source Code
Values
Key | Type | Default | Description |
---|---|---|---|
domains | object | {} | list of configured domains and users. See values.yaml for details. |
dovecot.affinity | object | {} | |
dovecot.image.pullPolicy | string | "IfNotPresent" | |
dovecot.image.repository | string | "quay.io/shivering-isles/dovecot" | dovecot container image |
dovecot.image.tag | string | "0.1.1" | Overrides the image tag whose default is "latest" |
dovecot.imagePullSecrets | list | [] | pull secret to access the image defined above |
dovecot.nodeSelector | object | {} | |
dovecot.podAnnotations | object | {} | |
dovecot.podSecurityContext | object | {} | |
dovecot.replicaCount | int | 1 | Number of Dovecot pods. Important: With the current configuration, it's not recommended to scale beyond 1 |
dovecot.resources.limits.cpu | string | "500m" | |
dovecot.resources.limits.memory | string | "512Mi" | |
dovecot.resources.requests.cpu | string | "100m" | |
dovecot.resources.requests.memory | string | "128Mi" | |
dovecot.securityContext.allowPrivilegeEscalation | bool | false | |
dovecot.securityContext.capabilities.add[0] | string | "SYS_CHROOT" | required to set up chroot for dovecot https://wiki.dovecot.org/HowTo/Rootless |
dovecot.securityContext.capabilities.add[1] | string | "CHOWN" | required to set up file structure |
dovecot.securityContext.capabilities.add[2] | string | "CAP_NET_BIND_SERVICE" | required to bind privileged ports in the container, such as 993, 143, 24, etc. |
dovecot.securityContext.capabilities.add[3] | string | "SETUID" | required to drop privileges with dovecot process |
dovecot.securityContext.capabilities.add[4] | string | "SETGID" | required to drop privileges with dovecot process |
dovecot.securityContext.capabilities.add[5] | string | "FOWNER" | required to create spool directories |
dovecot.securityContext.capabilities.drop[0] | string | "ALL" | required to drop privileges by default |
dovecot.securityContext.runAsNonRoot | bool | false | |
dovecot.service.internal.type | string | "ClusterIP" | type of the public endpoint for lmtp, metrics, authentication |
dovecot.service.public.type | string | "LoadBalancer" | type of the public endpoint for pop3, imap, and sieve. Note: It's configured to share the IP with postfix in case of metallb |
dovecot.tls.secretName | string | "nil" | secret holding the TLS keys for dovecot. Required |
dovecot.tolerations | list | [] | |
dovecot.volumes.vmail.accessModes | list | ["ReadWriteMany"] | Volume access mode, using ReadWriteMany in order to prepare setup with dovecot director |
dovecot.volumes.vmail.resources.requests.storage | string | "5Gi" | |
dovecot.volumes.vmail.volumeMode | string | "Filesystem" | |
fullnameOverride | string | "" | |
nameOverride | string | "" | |
networkPolicy.create | bool | true | Create NetworkPolicies to access the mailserver from outside |
postfix.affinity | object | {} | |
postfix.image.pullPolicy | string | "IfNotPresent" | |
postfix.image.repository | string | "quay.io/shivering-isles/postfix" | postfix container image |
postfix.image.tag | string | "0.2.2" | Overrides the image tag whose default is "latest" |
postfix.imagePullSecrets | list | [] | |
postfix.nodeSelector | object | {} | |
postfix.podAnnotations | object | {} | |
postfix.podDisruptionBudget.enabled | bool | true | Enable PodDisruptionBudget if replicaCount is set to > 2 |
postfix.podSecurityContext | object | {} | |
postfix.postscreen.cidr | string | "127.0.0.1/32" | CIDR that is allowed to use Proxy protocol on port 10025 |
postfix.postscreen.enabled | bool | false | Enable proxy protocol support |
postfix.replicaCount | int | 1 | Number of postfix pods. |
postfix.resources.limits.cpu | string | "500m" | |
postfix.resources.limits.memory | string | "512Mi" | |
postfix.resources.requests.cpu | string | "100m" | |
postfix.resources.requests.memory | string | "128Mi" | |
postfix.securityContext.allowPrivilegeEscalation | bool | false | prevent any process in the container from regaining capabilities once dropped |
postfix.securityContext.capabilities.add[0] | string | "SYS_CHROOT" | required to set up chroot with postfix |
postfix.securityContext.capabilities.add[1] | string | "CHOWN" | required to adjust ownership of files using supervisord |
postfix.securityContext.capabilities.add[2] | string | "CAP_NET_BIND_SERVICE" | required to bind privileged ports like 25, 465, 587 |
postfix.securityContext.capabilities.add[3] | string | "SETUID" | required to change user id as supervisord as well as postfix |
postfix.securityContext.capabilities.add[4] | string | "SETGID" | required to change group id as supervisord as well as postfix |
postfix.securityContext.capabilities.add[5] | string | "FOWNER" | required to set up the chroot directory on startup |
postfix.securityContext.capabilities.add[6] | string | "DAC_OVERRIDE" | required to set up TLS and the like |
postfix.securityContext.capabilities.drop[0] | string | "ALL" | getting rid of all capabilities since we already have too many |
postfix.securityContext.runAsNonRoot | bool | false | |
postfix.service.public.type | string | "LoadBalancer" | type of the public endpoint for smtp, submission, and submissions. Note: It's configured to share the IP with dovecot in case of metallb |
postfix.tls.secretName | string | "nil" | secret holding the TLS keys for postfix. Required |
postfix.tolerations | list | [] | |
postfix.volumes.spool.accessModes[0] | string | "ReadWriteOnce" | |
postfix.volumes.spool.resources.requests.storage | string | "1Gi" | |
relay.relayHosts | object | {} | relay hosts used as part of the deployment |
relay.saslPasswords | object | {} | passwords for the relay hosts |
relay.tlsPolicies | string | "" | tls policy in postfix https://www.postfix.org/TLS_README.html#client_tls_policy |
serviceAccount.annotations | object | {} | |
serviceAccount.create | bool | true | |
serviceAccount.name | string | "" | |
Autogenerated from chart metadata using helm-docs v1.10.0