Skip to content

Latest commit

 

History

History

sftpgo

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
ci
ci
 
 
templates
templates
 
 
.helmignore
.helmignore
 
 
Chart.yaml
Chart.yaml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
README.md.gotmpl
README.md.gotmpl
 
 
values.yaml
values.yaml
 
 

README.md

sftpgo

version: 0.23.1 type: application app version: 2.5.4 kube version: >=1.16.0-0 artifact hub

Fully featured and highly configurable SFTP server with optional FTP/S and WebDAV support.

Homepage: https://github.com/drakkan/sftpgo

TL;DR;

helm repo add skm https://charts.sagikazarmark.dev
helm install --generate-name --wait skm/sftpgo

Configuration

SFTPGo has an extensive set of configuration options allowing you to control the large set of features it provides.

The following options are available to configure SFTPGo when installing it with this chart.

Note: environmental configurations (like port bindings, certain directories, etc) are configured by the chart or the container image using flags and environment variables and they cannot be configured using a config file.

values.yaml

Setting the config key in the values file is the easiest way to configure SFTPGo:

config:
    sftpd:
        max_auth_retries: 10

Custom volume mount

A custom configuration file can be mounted using the volumes and volumeMounts keys (see Values).

By default, SFTPGo looks at the following locations for configuration (in the order of precedence):

  • /var/lib/.config/sftpgo
  • /etc/sftpgo (already mounted by this chart)

You can mount a config map or a secret to /var/lib/.config/sftpgo.

Note: this method will override all configuration set in values.yaml.

Example:

# configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: custom-sftpgo-config
data:
  sftpgo.yaml: |-
    sftpd:
        max_auth_retries: 10
# values.yaml

volumes:
  - name: custom-config # config is already taken
    configMap:
      name: custom-sftpgo-config

volumeMounts:
  - name: custom-config # config is already taken
    mountPath: /var/lib/sftpgo/.config/sftpgo

Alternatively, you can mount the config file to any arbitrary location (except /etc/sftpgo) and set the SFTPGO_CONFIG_FILE environment variable (using env or envFrom, see Values).

Custom services

The primary service created by the chart includes every enabled server (including HTTP and telemetry). This can be a problem when you want to expose specific (but not all) servers to the internet using a LoadBalancer type service.

The services option in the values file allows you to create custom services enabling specific server ports.

The following example exposes the SFTP server (and only the SFTP server) using a LoadBalancer service:

services:
  sftp-public:
    annotations:
      external-dns.alpha.kubernetes.io/hostname: sftp.mydomain.com.
    type: LoadBalancer
    ports:
      sftp: 22

Additional services accept the same options as the service option in the values file and require at least one port.

Values

Key Type Default Description
replicaCount int 1 Number of replicas (pods) to launch.
deploymentStrategy object {} Define the strategy to replace old Pods by new ones during updates.
image.repository string "ghcr.io/drakkan/sftpgo" Name of the image repository to pull the container image from.
image.pullPolicy string "IfNotPresent" Image pull policy for updating already existing images on a node.
image.tag string "" Image tag override for the default value (chart appVersion).
imagePullSecrets list [] Reference to one or more secrets to be used when pulling images (from private registries).
nameOverride string "" A name in place of the chart name for app: labels.
fullnameOverride string "" A name to substitute for the full names of resources.
sftpd.enabled bool true Enable SFTP service.
ftpd.enabled bool false Enable FTP service.
webdavd.enabled bool false Enable WebDAV service.
httpd.enabled bool true Enable HTTP service.
config object {} Application configuration. See the official documentation.
volumes list [] Additional storage volumes. See the API reference for details.
volumeMounts list [] Additional volume mounts. See the API reference for details.
envFrom list [] Additional environment variables mounted from secrets or config maps. See the API reference for details.
envVars list [] Additional environment variables passed directly to containers. See the API reference for details.
env object {} Additional environment variables passed directly to containers using a simplified key-value syntax.
serviceAccount.create bool true Enable service account creation.
serviceAccount.annotations object {} Annotations to be added to the service account.
serviceAccount.name string "" The name of the service account to use. If not set and create is true, a name is generated using the fullname template.
deploymentAnnotations object {} Annotations to be added to deployment.
podAnnotations object {} Annotations to be added to pods.
podSecurityContext object {"fsGroup":1000} Pod security context. See the API reference for details.
securityContext object {} Container security context. See the API reference for details.
initContainers list [] Add init containers to the pod.
service.annotations object {} Annotations to be added to the service.
service.type string "ClusterIP" Kubernetes service type.
service.loadBalancerIP string nil Only applies when the service type is LoadBalancer. Load balancer will get created with the IP specified in this field.
service.loadBalancerSourceRanges list [] If specified (and supported by the cloud provider), traffic through the load balancer will be restricted to the specified client IPs. Valid values are IP CIDR blocks.
service.ports.sftp.port int 22 SFTP service port.
service.ports.sftp.nodePort int nil SFTP node port (when applicable).
service.ports.ftp.port int 21 FTP service port.
service.ports.ftp.nodePort int nil FTP node port (when applicable).
service.ports.webdav.port int 81 WebDAV service port.
service.ports.webdav.nodePort int nil WebDAV node port (when applicable).
service.ports.http.port int 80 REST API service port.
service.ports.http.nodePort int nil REST API node port (when applicable).
service.externalTrafficPolicy string nil Route external traffic to node-local or cluster-wide endoints. Useful for preserving the client source IP.
service.sessionAffinity string nil Enable client IP based session affinity. More info
services object {} Additional services exposing servers (SFTP, FTP, WebDAV, HTTP) individually. The schema matches the one under the service key. Additional services need at least one port.
ui.ingress.enabled bool false Enable ingress.
ui.ingress.className string "" Ingress class name.
ui.ingress.annotations object {} Annotations to be added to the ingress.
ui.ingress.hosts list See values.yaml. Ingress host configuration.
ui.ingress.tls list See values.yaml. Ingress TLS configuration.
api.ingress.enabled bool false Enable ingress.
api.ingress.className string "" Ingress class name.
api.ingress.annotations object {} Annotations to be added to the ingress.
api.ingress.hosts list See values.yaml. Ingress host configuration.
api.ingress.tls list See values.yaml. Ingress TLS configuration.
resources object No requests or limits. Container resource requests and limits. See the API reference for details.
autoscaling object Disabled by default. Autoscaling configuration (see values.yaml for details).
nodeSelector object {} Node selector configuration.
tolerations list [] Tolerations for node taints. See the API reference for details.
affinity object {} Affinity configuration. See the API reference for details.
hostNetwork bool false Run pods in the host network of nodes. Warning: The use of host network is discouraged. Make sure to use it only when absolutely necessary.
topologySpreadConstraints.enabled bool false Enable pod Topology Spread Constraints.
topologySpreadConstraints.maxSkew int 1 Degree to which pods may be unevenly distributed.
topologySpreadConstraints.topologyKey string "topology.kubernetes.io/zone" The key of node labels. See https://kubernetes.io/docs/reference/kubernetes-api/labels-annotations-taints/
topologySpreadConstraints.whenUnsatisfiable string "DoNotSchedule" How to deal with a Pod if it doesn't satisfy the spread constraint.
persistence.enabled bool false Enable persistent storage for the /var/lib/sftpgo directory, saving state of the default sqlite db.
persistence.pvc object {"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"5Gi"}},"storageClassName":"premium-rwo"} Create the pvc desired specificiation.