fix(server/email): emails configuration is secure by default but can be overridden (#5417)

utils/helm/speckle-server/templates/_helpers.tpl

@@ -971,18 +971,20 @@ Generate the environment variables for Speckle server and Speckle objects deploy
 - name: EMAIL
   value: "true"
 - name: EMAIL_HOST
-  value: "{{ .Values.server.email.host }}"
+  value: {{ .Values.server.email.host | quote }}
 - name: EMAIL_PORT
-  value: "{{ .Values.server.email.port }}"
+  value: {{ .Values.server.email.port | quote }}
 - name: EMAIL_USERNAME
-  value: "{{ .Values.server.email.username }}"
+  value: {{ .Values.server.email.username | quote }}
 - name: EMAIL_PASSWORD
   valueFrom:
     secretKeyRef:
       name: {{ default .Values.secretName .Values.server.email.password.secretName }}
       key: {{ default "email_password" .Values.server.email.password.secretKey }}
 - name: EMAIL_FROM
-  value: "{{ .Values.server.email.from }}"
+  value: {{ .Values.server.email.from | quote }}
+- name: EMAIL_SECURE
+  value: {{ .Values.server.email.secure | quote }}
 - name: EMAIL_VERIFICATION_TIMEOUT_MINUTES
   value: {{ .Values.server.email.verificationTimeoutMinutes | quote }}
 {{- end }}

utils/helm/speckle-server/values.schema.json

@@ -1307,6 +1307,11 @@
                 }
               }
             },
+            "secure": {
+              "type": "boolean",
+              "description": "If true, will use TLS when connecting to the email server",
+              "default": true
+            },
             "networkPolicy": {
               "type": "object",
               "properties": {

utils/helm/speckle-server/values.yaml

@@ -800,6 +800,9 @@ server:
       ## @param server.email.password.secretKey The key within the Kubernetes Secret holding the email password as its value.
       ##
       secretKey: ''
+    ## @param server.email.secure If true, will use TLS when connecting to the email server
+    ##
+    secure: true
     ## @extra server.email.networkPolicy If networkPolicy is enabled for Speckle server, this provides the Network Policy with the necessary details to allow egress connections to the email server
     ##
     networkPolicy: