mok

Version: 0.13.0 Type: application

Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that runs without a database server on Kubernetes, taking advantage of ConfigMaps and Secrets.

Maintainers

| Name | Email | Url |
| ---- | ----- | --- |
| Sheogorath |  | https://shivering-isles.com |

Source Code

Values

| Key | Type | Default | Description |
| --- | ---- | ------- | ----------- |
| deniedSenders | list | `[]` | list of rejected email addresses or domains. See values.yaml for details. |
| domains | object | `{}` | list of configured domains and users. See values.yaml for details. |
| dovecot.affinity | object | `{}` |  |
| dovecot.image.pullPolicy | string | `"IfNotPresent"` |  |
| dovecot.image.repository | string | `"quay.io/shivering-isles/dovecot"` | dovecot container image |
| dovecot.image.tag | string | `"2.3.21"` | Overrides the image tag whose default is "latest" |
| dovecot.imagePullSecrets | list | `[]` | pull secret to access the image defined above |
| dovecot.nodeSelector | object | `{}` |  |
| dovecot.podAnnotations | object | `{}` |  |
| dovecot.podSecurityContext | object | `{}` |  |
| dovecot.replicaCount | int | `1` | Number of Dovecot pods. Important: With the current configuration, it's not recommended to scale beyond 1 |
| dovecot.resources.limits.cpu | string | `"500m"` |  |
| dovecot.resources.limits.memory | string | `"512Mi"` |  |
| dovecot.resources.requests.cpu | string | `"100m"` |  |
| dovecot.resources.requests.memory | string | `"128Mi"` |  |
| dovecot.securityContext.allowPrivilegeEscalation | bool | `false` |  |
| dovecot.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` | required to set up chroot for dovecot, see https://wiki.dovecot.org/HowTo/Rootless |
| dovecot.securityContext.capabilities.add[1] | string | `"CHOWN"` | required to set up file structure |
| dovecot.securityContext.capabilities.add[2] | string | `"CAP_NET_BIND_SERVICE"` | required to bind privileged ports in the container, such as 993, 143, 24, etc. |
| dovecot.securityContext.capabilities.add[3] | string | `"SETUID"` | required to drop privileges with dovecot process |
| dovecot.securityContext.capabilities.add[4] | string | `"SETGID"` | required to drop privileges with dovecot process |
| dovecot.securityContext.capabilities.add[5] | string | `"FOWNER"` | required to create spool directories |
| dovecot.securityContext.capabilities.add[6] | string | `"KILL"` | required by management process to keep subprocesses in check |
| dovecot.securityContext.capabilities.drop[0] | string | `"ALL"` | required to drop privileges by default |
| dovecot.securityContext.runAsNonRoot | bool | `false` |  |
| dovecot.service.internal.type | string | `"ClusterIP"` | type of the public endpoint for lmtp, metrics, authentication |
| dovecot.service.public.type | string | `"LoadBalancer"` | type of the public endpoint for pop3, imap, and sieve. Note: It's configured to share the IP with postfix in case of metallb |
| dovecot.tls.secretName | string | `"nil"` | secret holding the TLS keys for dovecot. Required |
| dovecot.tolerations | list | `[]` |  |
| dovecot.volumes.vmail.accessModes | list | `["ReadWriteMany"]` | Volume access mode, using ReadWriteMany in order to prepare a setup with dovecot director |
| dovecot.volumes.vmail.resources.requests.storage | string | `"5Gi"` |  |
| dovecot.volumes.vmail.volumeMode | string | `"Filesystem"` |  |
| fullnameOverride | string | `""` |  |
| nameOverride | string | `""` |  |
| networkPolicy.create | bool | `true` | Create NetworkPolicies to access the mailserver from outside |
| postfix.affinity | object | `{}` |  |
| postfix.hostname | string | `nil` | explicitly set postfix hostname |
| postfix.image.pullPolicy | string | `"IfNotPresent"` |  |
| postfix.image.repository | string | `"quay.io/shivering-isles/postfix"` | postfix container image |
| postfix.image.tag | string | `"3.8.6"` | Overrides the image tag whose default is "latest" |
| postfix.imagePullSecrets | list | `[]` |  |
| postfix.nodeSelector | object | `{}` |  |
| postfix.podAnnotations | object | `{}` |  |
| postfix.podDisruptionBudget.enabled | bool | `true` | Enable PodDisruptionBudget if replicaCount is set to > 2 |
| postfix.podSecurityContext | object | `{}` |  |
| postfix.postscreen.cidr | string | `"127.0.0.1/32"` | CIDR that is allowed to use Proxy protocol on port 10025 |
| postfix.postscreen.enabled | bool | `false` | Enable proxy protocol support |
| postfix.replicaCount | int | `1` | Number of postfix pods. |
| postfix.resources.limits.cpu | string | `"500m"` |  |
| postfix.resources.limits.memory | string | `"512Mi"` |  |
| postfix.resources.requests.cpu | string | `"100m"` |  |
| postfix.resources.requests.memory | string | `"128Mi"` |  |
| postfix.securityContext.allowPrivilegeEscalation | bool | `false` | prevent any process in the container from regaining capabilities once dropped |
| postfix.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` | required to set up chroot with postfix |
| postfix.securityContext.capabilities.add[1] | string | `"CHOWN"` | required to adjust ownership of files using supervisord |
| postfix.securityContext.capabilities.add[2] | string | `"CAP_NET_BIND_SERVICE"` | required to bind privileged ports like 25, 465, 587 |
| postfix.securityContext.capabilities.add[3] | string | `"SETUID"` | required to change user id as supervisord as well as postfix |
| postfix.securityContext.capabilities.add[4] | string | `"SETGID"` | required to change group id as supervisord as well as postfix |
| postfix.securityContext.capabilities.add[5] | string | `"FOWNER"` | required to set up the chroot directory on startup |
| postfix.securityContext.capabilities.add[6] | string | `"DAC_OVERRIDE"` | required to set up TLS and the like |
| postfix.securityContext.capabilities.drop[0] | string | `"ALL"` | getting rid of all capabilities since we already have too many |
| postfix.securityContext.runAsNonRoot | bool | `false` |  |
| postfix.service.public.externalTrafficPolicy | string | `"Local"` |  |
| postfix.service.public.type | string | `"LoadBalancer"` | type of the public endpoint for smtp, submission, and submissions. Note: It's configured to share the IP with dovecot in case of metallb |
| postfix.tls.secretName | string | `"nil"` | secret holding the TLS keys for postfix. Required |
| postfix.tolerations | list | `[]` |  |
| postfix.volumes.spool.accessModes[0] | string | `"ReadWriteOnce"` |  |
| postfix.volumes.spool.resources.requests.storage | string | `"1Gi"` |  |
| relay.relayHosts | object | `{}` | relay hosts used as part of the deployment |
| relay.saslPasswords | object | `{}` | passwords for the relay hosts |
| relay.tlsPolicies | string | `""` | TLS policy in postfix, see https://www.postfix.org/TLS_README.html#client_tls_policy |
| serviceAccount.annotations | object | `{}` |  |
| serviceAccount.create | bool | `true` |  |
| serviceAccount.name | string | `""` |  |

Autogenerated from chart metadata using helm-docs v1.13.1