Skip to content
Snippets Groups Projects
Unverified Commit 5b4a5b87 authored by Janne Mareike Koschinski's avatar Janne Mareike Koschinski
Browse files

feat: add stalwart

parent 796dae6c
Branches
No related tags found
No related merge requests found
apiVersion: v2
name: stalwart
description: Helm Chart for stalwart
type: application
version: 1.0.0
appVersion: "latest"
lint-stalwart:
stage: lint
rules:
- changes:
- stalwart/**/*
script:
- helm lint stalwart
release-stalwart:
stage: release
needs:
- lint-stalwart
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
changes:
- stalwart/**/*
script:
- apk add --no-cache git
- helm plugin install https://github.com/chartmuseum/helm-push.git
- helm repo add --username gitlab-ci-token --password $CI_JOB_TOKEN repo ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable
- helm cm-push stalwart repo
{{/*
Expand the name of the chart.
*/}}
{{- define "stalwart-helm.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "stalwart-helm.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "stalwart-helm.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "stalwart-helm.labels" -}}
helm.sh/chart: {{ include "stalwart-helm.chart" . }}
{{ include "stalwart-helm.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "stalwart-helm.selectorLabels" -}}
app.kubernetes.io/name: {{ include "stalwart-helm.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- define "stalwart-helm.sslPath" -}}
/certs
{{- end }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "stalwart-helm.fullname" . }}
labels:
{{- include "stalwart-helm.labels" . | nindent 4 }}
data:
config.toml: |
[server]
hostname = {{ .Values.mail.hostname | toJson }}
listener.http.bind = "[::]:8080"
listener.http.protocol = "http"
listener.https.bind = "[::]:443"
listener.https.protocol = "http"
listener.https.tls.implicit = true
listener.imap.bind = "[::]:143"
listener.imap.protocol = "imap"
listener.imap.proxy.trusted-networks = {{ .Values.trustedNetworks | toJson }}
listener.imaptls.bind = "[::]:993"
listener.imaptls.protocol = "imap"
listener.imaptls.tls.implicit = true
listener.imaptls.proxy.trusted-networks = {{ .Values.trustedNetworks | toJson }}
listener.pop3.bind = "[::]:110"
listener.pop3.protocol = "pop3"
listener.pop3.proxy.trusted-networks = {{ .Values.trustedNetworks | toJson }}
listener.pop3s.bind = "[::]:995"
listener.pop3s.protocol = "pop3"
listener.pop3s.tls.implicit = true
listener.pop3s.proxy.trusted-networks = {{ .Values.trustedNetworks | toJson }}
listener.sieve.bind = "[::]:4190"
listener.sieve.protocol = "managesieve"
listener.sieve.proxy.trusted-networks = {{ .Values.trustedNetworks | toJson }}
listener.smtp.bind = "[::]:25"
listener.smtp.protocol = "smtp"
listener.smtp.proxy.trusted-networks = {{ .Values.trustedNetworks | toJson }}
listener.submission.bind = "[::]:587"
listener.submission.protocol = "smtp"
listener.submission.proxy.trusted-networks = {{ .Values.trustedNetworks | toJson }}
listener.submissions.bind = "[::]:465"
listener.submissions.protocol = "smtp"
listener.submissions.tls.implicit = true
listener.submissions.proxy.trusted-networks = {{ .Values.trustedNetworks | toJson }}
max-connections = 8192
socket.backlog = 1024
socket.nodelay = true
socket.reuse-addr = true
socket.reuse-port = true
http.url = "protocol + '://' + '{{ .Values.ingress.endpoint }}' + ':' + local_port"
http.use-x-forwarded = true
[certificate.default]
default = true
cert = "%{file:/etc/certs/{{.Values.tls.certificateFile}}}%"
private-key = "%{file:/etc/certs/{{.Values.tls.privateKeyFile}}}%"
[tracer]
[tracer.log]
ansi = false
enable = false
level = "info"
path = "/opt/stalwart-mail/logs"
prefix = "stalwart.log"
rotate = "daily"
type = "log"
[directory]
{{- range $id, $config := .Values.directory }}
[directory.{{ $id }}]
{{- range $key, $value := $config }}
{{ $key }} = {{ $value | toJson }}
{{- end }}
{{- end }}
[storage]
{{- range $key, $value := .Values.storage }}
{{ $key }} = {{ $value | toJson }}
{{- end }}
[store]
{{- range $id, $config := .Values.store }}
[store.{{ $id }}]
{{- range $key, $value := $config }}
{{ $key }} = {{ $value | toJson }}
{{- end }}
{{- end }}
[authentication.fallback-admin]
{{- range $key, $value := .Values.fallbackAdmin }}
{{ $key }} = {{ $value | toJson }}
{{- end }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "stalwart-helm.fullname" . }}
labels:
{{- include "stalwart-helm.labels" . | nindent 4 }}
annotations:
{{- .Values.ingress.annotations | toYaml | nindent 4 }}
spec:
ingressClassName: {{ .Values.ingress.className }}
rules:
- host: {{ .Values.ingress.endpoint }}
http:
paths:
- backend:
service:
name: {{ include "stalwart-helm.fullname" . }}
port:
name: https
path: /
pathType: Prefix
{{- range .Values.mail.domains }}
- host: mta-sts.{{ . }}
http:
paths:
- backend:
service:
name: {{ include "stalwart-helm.fullname" $ }}
port:
name: https
path: /
pathType: Prefix
- host: {{ . }}
http:
paths:
- backend:
service:
name: {{ include "stalwart-helm.fullname" $ }}
port:
name: https
path: /.well-known/autoconfig
pathType: ImplementationSpecific
- backend:
service:
name: {{ include "stalwart-helm.fullname" $ }}
port:
name: https
path: /.well-known/mta-sts.txt
pathType: ImplementationSpecific
{{- end }}
tls:
- secretName: {{ .Values.tls.existingSecret }}
\ No newline at end of file
apiVersion: v1
kind: Service
metadata:
name: {{ include "stalwart-helm.fullname" . }}
labels:
{{- include "stalwart-helm.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
# smtp
- name: submission
port: 25
targetPort: submission
protocol: TCP
- name: smtp
port: 587
targetPort: smtp
protocol: TCP
- name: smtps
port: 465
targetPort: smtps
protocol: TCP
# imap
- name: imap
port: 143
targetPort: imap
protocol: TCP
- name: imaps
port: 993
targetPort: imaps
protocol: TCP
# pop3
- name: pop3
port: 110
targetPort: pop3
protocol: TCP
- name: pop3s
port: 995
targetPort: pop3s
protocol: TCP
# sieve
- name: sieve
port: 4190
targetPort: sieve
protocol: TCP
# http
- name: https
port: 443
targetPort: https
protocol: TCP
- name: http
port: 8080
targetPort: http
protocol: TCP
selector:
{{- include "stalwart-helm.selectorLabels" . | nindent 4 }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "stalwart-helm.fullname" . }}
labels:
{{- include "stalwart-helm.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
serviceName: {{ include "stalwart-helm.fullname" . }}
selector:
matchLabels:
{{- include "stalwart-helm.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "stalwart-helm.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
volumes:
- name: config
configMap:
defaultMode: 0640
name: {{ include "stalwart-helm.fullname" . }}
- name: certs
secret:
defaultMode: 0640
secretName: {{ .Values.tls.existingSecret }}
- name: tmp
emptyDir: {}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
# smtp
- containerPort: 25
protocol: TCP
name: submission
- containerPort: 587
protocol: TCP
name: smtp
- containerPort: 465
protocol: TCP
name: smtps
# imap
- containerPort: 143
protocol: TCP
name: imap
- containerPort: 993
protocol: TCP
name: imaps
# pop3
- containerPort: 110
protocol: TCP
name: pop3
- containerPort: 995
protocol: TCP
name: pop3s
# sieve
- containerPort: 4190
protocol: TCP
name: sieve
# http
- containerPort: 443
protocol: TCP
name: https
- containerPort: 8080
protocol: TCP
name: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
volumeMounts:
- mountPath: /opt/stalwart-mail/etc
name: config
- mountPath: /etc/certs
name: certs
- mountPath: /tmp
name: tmp
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
replicaCount: 1
image:
repository: stalwartlabs/mail-server
pullPolicy: IfNotPresent
tag: ""
imagePullSecrets: [ ]
nameOverride: ""
fullnameOverride: ""
mail:
hostname: example.com
domains:
- example.com
- mail.example.com
trustedNetworks: [ ]
fallbackAdmin:
user: admin
secret: ""
directory:
internal:
bind.dn: admin
bind.secret: ""
store: database
type: internal
storage: {}
store: {}
ingress:
endpoint: mail.example.com
className: nginx
annotations: { }
tls:
existingSecret: ""
certificateFile: "tls.crt"
privateKeyFile: "tls.key"
podAnnotations: { }
podSecurityContext:
fsGroup: 2000
securityContext:
#capabilities:
# drop:
# - ALL
readOnlyRootFilesystem: true
#runAsNonRoot: true
#runAsUser: 1000
service:
type: ClusterIP
volume: |-
emptyDir: {}
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 20m
memory: 64Mi
nodeSelector: { }
tolerations: [ ]
affinity: { }
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment