feat(stalwart): deploy Stalwart mail server with CNPG and S3
- stalwart namespace with Deployment + HPA (2-6 replicas) - CNPG PostgreSQL cluster (3 instances, 20Gi cephrbd-fast-delete) with PgBouncer pooler - S3/Ceph-RGW for blob storage (stalwart-maildata bucket, lz4 compressed) - Secrets from Vault: postgres-credentials, s3-credentials, stalwart-admin - TLS cert via cert-manager (vault-issuer) for mail.main.unkin.net - SMTP relay on port 25 (internal ClusterIP, trusted pod CIDRs) - Submission on port 587, IMAP 143/993, HTTPS 443 via LoadBalancer - HTTP port 8080 for Traefik reverse proxy (web admin at mail.k8s.syd1.au.unkin.net) - Outbound mail routed through postfix.mailgateway.svc.cluster.local:25 - Spam filtering offloaded to postfix/rspamd (disabled internally)
This commit is contained in:
@@ -0,0 +1,38 @@
|
||||
---
|
||||
apiVersion: autoscaling/v2
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
name: stalwart-hpa
|
||||
namespace: stalwart
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: stalwart
|
||||
minReplicas: 2
|
||||
maxReplicas: 6
|
||||
metrics:
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: 70
|
||||
behavior:
|
||||
scaleUp:
|
||||
stabilizationWindowSeconds: 0
|
||||
selectPolicy: Max
|
||||
policies:
|
||||
- type: Percent
|
||||
value: 100
|
||||
periodSeconds: 60
|
||||
- type: Pods
|
||||
value: 2
|
||||
periodSeconds: 30
|
||||
scaleDown:
|
||||
stabilizationWindowSeconds: 300
|
||||
selectPolicy: Min
|
||||
policies:
|
||||
- type: Percent
|
||||
value: 30
|
||||
periodSeconds: 60
|
||||
Reference in New Issue
Block a user