This repository contains the Kubernetes manifests to deploy Stalwart mail server.
Will deploy in a kubernetes cluster:
- All in one mail server
- TLS enabled using cert-manager certificates
- Utilities:
bash
,make
,sed
,kubectl
,yq
mikefarah's v4 and above,git
,curl
,gzip
,unzip
(Windows) - Working kubernetes cluster
- Optional:
- For helm chart generation: Helmify
- For litestream any of the following:
- AWS S3
- Minio (self hosted or SaaS)
- Backblaze Object Storage
- FluxCD client
- Fork this repository
- Clone it locally
git clone https://github.com/change-me/stalwart-kubernetes.git
- Recommended to use Listestream
- Keep StatefulSet replicas to 1
- Create a bucket in your S3 compatible storage and set environment variables:
export ACCESS_KEY_ID=value
export SECRET_ACCESS_KEY=value
- Generate configuration:
make config
will download and runstalwart-install
in interactive mode. In turn this will:- Download and modify stalwart toml config files in
config/etc
- Generate sqlite databases in
config/data
- Generate DKIM cert amd key in
config/etc/dkim
(excluded from git because contains secrets)
- Download and modify stalwart toml config files in
- Update generated stalwart config files as needed:
-
Default user directory is sql:
config/etc/config.toml:15 ... "%{BASE_PATH}%/etc/directory/sql.toml", ...
-
Can use other types instead
-
- Update
config/*.patch.yaml
files with your specific configuration:- Set
storageClassName
and storage size - Enable litestream:
- Comment out the removal of
initContainer/0
andcontainer/1
inconfig/statefulset.patch.yaml
- Configure bucket, path, endpoint in
config/listestream.yaml
- Comment out the removal of
- Set
- Deploy manually:
make install
- Will deploy in the current kubernetes context. Assumes
kubectl
is present and a local kuberenes context is configured - Alternatively, you can just generate the manifests:
make kustomize
and inspect them inout/
directory.
- Will deploy in the current kubernetes context. Assumes
git commit -am "Set up stalwart for domain yourdomain.org" && git push
-
Warning: config/kustomization.yaml contains a
secretGenerator
section that with plain text secrets. Remove it before pushing to a git repository:yq -i 'del(.secretGenerator)' config/kustomization.yaml
.
-
- Deploy using GitOps (recommended):
- Setup DKIM: follow
config/etc/dkim/yourdomain.org.readme
instructions - Uninstall manually:
kubectl delete ns stalwart
- Cleanup:
make clean
will remove all generated files
make helm
will generate a helm chart in chart/
directory. This is not the preferred way to deploy stalwart and is not tested, but it can be used as a reference.