ntfy (pronounced notify) is a simple HTTP-based pub-sub notification service. It allows you to send notifications to your phone or desktop via scripts from any computer, and/or using a REST API. It's infinitely flexible, and 100% free software. It delivers all of these features within a single Docker image available on Docker Hub.
Head to the ntfy GitHub Repository or their Website for in-depth documentation and configuration guides.
helm repo add fmjstudios https://fmjstudios.github.io/helm
helm install ntfy fmjstudios/ntfy --version X.Y.Zhelm install oci://ghcr.io/fmjstudios/helm/ntfy:X.Y.ZThis chart bootstraps a ntfy StatefulSet or Deployment on a Kubernetes cluster using the Helm package manager. For cluster networking a Service and Ingress manifest is also created, whereas the Ingress needs to be explicitly enabled. Lastly the chart configures a PodDisruptionBudget if enabled. RBAC manifests are enabled by default.
The chart supports the configuration of
all ntfy environment variables via the ntfy key in
Helm's values and makes use of the official Docker Hub container image, although this is configurable via the Image
Parameters.
| Name | Description | Value |
|---|---|---|
image.registry |
The Docker registry to pull the image from | docker.io |
image.repository |
The registry repository to pull the image from | binwiederhier/ntfy |
image.tag |
The image tag to pull | v2.11.0 |
image.digest |
The image digest to pull | "" |
image.pullPolicy |
The Kubernetes image pull policy | IfNotPresent |
image.pullSecrets |
A list of secrets to use for pulling images from private registries | [] |
| Name | Description | Value |
|---|---|---|
nameOverride |
String to partially override ntfy.fullname | "" |
fullnameOverride |
String to fully override ntfy.fullname | "" |
| Name | Description | Value |
|---|---|---|
kind |
The kind of workload to deploy ntfy as (StatefulSet or Deployment) |
StatefulSet |
| Name | Description | Value |
|---|---|---|
ntfy.baseURL |
The public facing URL for the service (e.g. https://ntfy.example.com) | "" |
ntfy.listenHTTP |
The listen address for the HTTP server (e.g. ":80", "127.0.0.1:80") | "" |
ntfy.listenHTTPS |
The listen address for the HTTPS server (e.g. ":443", "127.0.0.1:443") - | "" |
ntfy.listenUnix |
The path to a Unix socket to listen on (e.g. "/var/run/ntfy/ntfy.sock") | "" |
ntfy.listenUnixMode |
The Linux permissions for the Unix socket (e.g. "0700") | "" |
ntfy.keyFile |
The path to a certificate key file (e.g. "/var/lib/ntfy/tls.key") | "" |
ntfy.certFile |
The path to a certificate file (e.g. "/var/lib/ntfy/tls.crt") | "" |
ntfy.firebaseKeyFile |
The path to a Firebase key file (e.g. "/var/lib/ntfy/key.json") | "" |
ntfy.behindProxy |
Wether or not ntfy is hosted behind a proxy | false |
ntfy.keepaliveInterval |
Interval in which keepalive messages are sent to the client | "" |
ntfy.managerInterval |
Interval in which the manager prunes old messages | "" |
ntfy.disallowedTopics |
Define topic names that are not allowed | [] |
ntfy.webRoot |
Define topic names that are not allowed | "" |
ntfy.enableSignup |
Allow users to sign up via the web app or API | false |
ntfy.enableLogin |
Allow users to sign in via the web app or API | false |
ntfy.enableReservations |
Allow users to reserve topics | false |
ntfy.globalTopicLimit |
The total number of topics before the server rejects new topics | 15000 |
ntfy.data.rootPath |
The root path for ntfy to store its' files | /var/lib/ntfy |
ntfy.data.pvc.size |
The size given to the new PVC | 5Gi |
ntfy.data.pvc.storageClass |
The storageClass given to the new PVC | standard |
ntfy.data.pvc.reclaimPolicy |
The resourcePolicy given to the new PVC | Retain |
ntfy.data.pvc.existingClaim |
Provide the name to an existing PVC | "" |
ntfy.cache.file |
The path where to create the SQLite cache database, beginning at ntfy.data.rootPath (e.g. "cache.db") | cache.db |
ntfy.cache.duration |
The duration for which messages will be buffered before they are deleted (e.g. "12h") | "" |
ntfy.cache.startupQueries |
SQLite queries to run on database initialization (e.g. to enable WAL mode) | "" |
ntfy.cache.batchSize |
The amount of messages within a single batch (e.g. 32) | 0 |
ntfy.cache.batchTimeout |
The timeout after which to write the batched messages to the DB (e.g. "0ms") | "" |
ntfy.auth.file |
The path where to create the SQLite user database (e.g. "auth.db") | "" |
ntfy.auth.defaultAccess |
The default access level for new users. Can be deny-all, read-only or write-only. |
"" |
ntfy.auth.startupQueries |
SQLite queries to run on database initialization (e.g. to enable WAL mode) | "" |
ntfy.attachment.cacheDir |
The directory for attached files (e.g. "attachments") | "" |
ntfy.attachment.totalSizeLimit |
The maximum total size of cacheDir (e.g. "5G") | "" |
ntfy.attachment.fileSizeLimit |
The maximum size of a single attachment (e.g. "15M") | "" |
ntfy.attachment.expiryDuration |
The duration after which uploaded attachments are deleted (e.g. "3h") | "" |
ntfy.smtp.senderAddr |
The hostname:port of the SMTP server (e.g. "mail.example.com:587") | "" |
ntfy.smtp.senderFrom |
The e-=mail address of the sender (e.g. "[email protected]") | "" |
ntfy.smtp.senderUser |
The username of the SMTP user (e.g. "[email protected]") | "" |
ntfy.smtp.senderPass |
The password of the SMTP user (e.g. "[email protected]") | "" |
ntfy.smtp.existingSecret |
An existing secret with a username and password key |
"" |
ntfy.smtp.incoming.listen |
The IP address and port the SMTP server will listen on (e.g. ":25" or "0.0.0.0:25") | "" |
ntfy.smtp.incoming.domain |
The email domain (e.g. "example.com") | "" |
ntfy.smtp.incoming.addrPrefix |
Optional prefix to prevent spam. If set to "ntfy-" for example, | "" |
ntfy.web.publicKey |
is the generated VAPID public key, (e.g. "AA...") | "" |
ntfy.web.privateKey |
is the generated VAPID private key, (e.g. "AA...") | "" |
ntfy.web.existingSecret |
An existing secret with a privateKey and publicKey a |
"" |
ntfy.web.file |
is a database file to keep track of browser subscription endpoints (e.g. "/var/cache/ntfy/webpush.db") | "" |
ntfy.web.emailAddress |
is the admin email address send to the push provider, (e.g. "[email protected]") | "" |
ntfy.web.startupQueries |
SQLite queries to run on database initialization (e.g. to enable WAL mode) | "" |
ntfy.twilio.accountSID |
is the Twilio account SID, (e.g. "AC12345beefbeef67890beefbeef122586") | "" |
ntfy.twilio.token |
is the Twilio authentication token, (e.g. "ThisIsAnAuthenticationToken") | "" |
ntfy.twilio.existingSecret |
An existing secret containing a accountSID and token key |
"" |
ntfy.twilio.phoneNumber |
The outgoing Twilio phone number (e.g. "+18775132586") | "" |
ntfy.twilio.verifyService |
Twilio verify service SID (e.g. "VA12345beefbeef67890beefbeef122586") | "" |
ntfy.upstream.baseURL |
The base URL of the upstream server, should be "https://ntfy.sh" | "" |
ntfy.upstream.accessToken |
the token used to authenticate with the upstream APNS server | "" |
ntfy.upstream.existingSecret |
A existing Secret containing a token key |
"" |
ntfy.message.sizeLimit |
The maximum size of a message body (e.g. "4k") | "" |
ntfy.message.delayLimit |
The maximum delay of a message when using the "Delay" header (e.g. "12h") | "" |
ntfy.visitor.subscriptionLimit |
The number of subscriptions per visitor (IP address) | 30 |
ntfy.visitor.requestLimitBurst |
The initial bucket of requests each visitor has (e.g. "60") | 60 |
ntfy.visitor.requestLimitReplenish |
The rate at which the bucket is refilled (e.g. "5s") | 5s |
ntfy.visitor.requestLimitExemptHosts |
A comma-separated list of hostnames, IPs or CIDRs to be | "" |
ntfy.visitor.messageDailyLimit |
Hard daily limit of messages per visitor and day. The limit is reset | 15000 |
ntfy.visitor.emailLimitBurst |
The initial bucket of emails each visitor has (e.g. "60") | 16 |
ntfy.visitor.emailLimitReplenish |
The rate at which the bucket is refilled (e.g. "5s") | 1h |
ntfy.visitor.attachmentTotalSizeLimit |
The total storage limit used for attachments per visitor | 100M |
ntfy.visitor.attachmentDailyBandwidthLimit |
The total daily attachment download/upload traffic limit per visitor | 500M |
ntfy.visitor.subscriberRateLimiting |
Whether to enable subscriber-based rate limiting | false |
ntfy.stripe.secretKey |
The key used for the Stripe API communication | "" |
ntfy.stripe.webhookKey |
The webhook key used for the Stripe API communication | "" |
ntfy.stripe.existingSecret |
An existing secret containing a secretKey and weboohKey keys |
"" |
ntfy.stripe.billingContact |
is an email address or site displayed in the "Upgrade tier" dialog to let people reach | "" |
ntfy.metrics.enabled |
enables the /metrics endpoint for the ntfy server | false |
ntfy.metrics.listenHTTP |
exposes the metrics endpoint via a dedicated [IP]:port. If set, this option | "" |
ntfy.metrics.profileListenHTTP |
If enabled, ntfy will listen on a dedicated listen IP/port | "" |
ntfy.log.level |
One of "trace", "debug", "info" (default), "warn" or "error" | info |
ntfy.log.levelOverrides |
lets you override the log level if certain fields match | "" |
ntfy.log.format |
One of "text" (default) or "json" | text |
ntfy.log.file |
The filename to write logs to. If this is not set, ntfy logs to stderr | "" |
| Name | Description | Value |
|---|---|---|
configMap.annotations |
Annotations for the ConfigMap resource | {} |
configMap.labels |
Extra Labels for the ConfigMap resource | {} |
| Name | Description | Value |
|---|---|---|
secret.annotations |
Common annotations for the SMTP, HIBP, Admin and Database secrets | {} |
secret.labels |
Common extra labels for the SMTP, HIBP, Admin and Database secrets | {} |
| Name | Description | Value |
|---|---|---|
ingress.enabled |
Whether to enable Ingress | false |
ingress.className |
The IngressClass to use for the pod's ingress | "" |
ingress.whitelist |
A comma-separated list of IP addresses to whitelist | "" |
ingress.annotations |
Annotations for the Ingress resource | {} |
ingress.tls |
A list of hostnames and secret names to use for TLS | [] |
ingress.extraHosts |
A list of extra hosts for the Ingress resource (with ntfy.baseURL) | [] |
| Name | Description | Value |
|---|---|---|
service.type |
The type of service to create | ClusterIP |
service.port |
The port to use on the service | 80 |
service.nodePort |
The Node port to use on the service | 30080 |
service.extraPorts |
Extra ports to add to the service | [] |
service.annotations |
Annotations for the service resource | {} |
service.labels |
Labels for the service resource | {} |
service.externalTrafficPolicy |
The external traffic policy for the service | Cluster |
service.internalTrafficPolicy |
The internal traffic policy for the service | Cluster |
service.clusterIP |
Define a static cluster IP for the service | "" |
service.loadBalancerIP |
Set the Load Balancer IP | "" |
service.loadBalancerClass |
Define Load Balancer class if service type is LoadBalancer (optional, cloud specific) |
"" |
service.loadBalancerSourceRanges |
Service Load Balancer source ranges | [] |
service.externalIPs |
Service External IPs | [] |
service.sessionAffinity |
Session Affinity for Kubernetes service, can be "None" or "ClientIP" | None |
service.sessionAffinityConfig |
Additional settings for the sessionAffinity | {} |
service.ipFamilyPolicy |
The ipFamilyPolicy | {} |
| Name | Description | Value |
|---|---|---|
rbac.create |
Whether to create RBAC resources | true |
rbac.rules |
Extra rules to add to the Role | [] |
| Name | Description | Value |
|---|---|---|
serviceAccount.create |
Whether a service account should be created | true |
serviceAccount.automount |
Whether to automount the service account token | false |
serviceAccount.annotations |
Annotations to add to the service account | {} |
serviceAccount.name |
A custom name for the service account, otherwise ntfy.fullname is used | "" |
serviceAccount.secrets |
A list of secrets mountable by this service account | [] |
| Name | Description | Value |
|---|---|---|
livenessProbe.enabled |
Enable or disable the use of liveness probes | false |
livenessProbe.initialDelaySeconds |
Configure the initial delay seconds for the liveness probe | 5 |
livenessProbe.timeoutSeconds |
Configure the initial delay seconds for the liveness probe | 1 |
livenessProbe.periodSeconds |
Configure the seconds for each period of the liveness probe | 10 |
livenessProbe.successThreshold |
Configure the success threshold for the liveness probe | 1 |
livenessProbe.failureThreshold |
Configure the failure threshold for the liveness probe | 10 |
| Name | Description | Value |
|---|---|---|
readinessProbe.enabled |
Enable or disable the use of readiness probes | false |
readinessProbe.initialDelaySeconds |
Configure the initial delay seconds for the readiness probe | 5 |
readinessProbe.timeoutSeconds |
Configure the initial delay seconds for the readiness probe | 1 |
readinessProbe.periodSeconds |
Configure the seconds for each period of the readiness probe | 10 |
readinessProbe.successThreshold |
Configure the success threshold for the readiness probe | 1 |
readinessProbe.failureThreshold |
Configure the failure threshold for the readiness probe | 3 |
| Name | Description | Value |
|---|---|---|
startupProbe.enabled |
Enable or disable the use of readiness probes | false |
startupProbe.initialDelaySeconds |
Configure the initial delay seconds for the startup probe | 5 |
startupProbe.timeoutSeconds |
Configure the initial delay seconds for the startup probe | 1 |
startupProbe.periodSeconds |
Configure the seconds for each period of the startup probe | 10 |
startupProbe.successThreshold |
Configure the success threshold for the startup probe | 1 |
startupProbe.failureThreshold |
Configure the failure threshold for the startup probe | 10 |
| Name | Description | Value |
|---|---|---|
podDisruptionBudget.enabled |
Enable the pod disruption budget | true |
podDisruptionBudget.minAvailable |
The minium amount of pods which need to be available | 1 |
| Name | Description | Value |
|---|---|---|
resources |
The resource limits/requests for the ntfy pod | {} |
volumes |
Define volumes for the ntfy pod | [] |
volumeMounts |
Define volumeMounts for the ntfy pod | [] |
initContainers |
Define initContainers for the main ntfy server | [] |
nodeSelector |
Node labels for pod assignment | {} |
tolerations |
Tolerations for pod assignment | [] |
affinity |
Affinity for pod assignment | {} |
strategy |
Specify a deployment strategy for the ntfy pod | {} |
podAnnotations |
Extra annotations for the ntfy pod | {} |
podLabels |
Extra labels for the ntfy pod | {} |
priorityClassName |
The name of an existing PriorityClass | "" |
| Name | Description | Value |
|---|---|---|
podSecurityContext |
Security context settings for the ntfy pod | {} |
securityContext |
General security context settings for | {} |