feat(stalwart): use Valkey for in-memory store, improve health probes

- Replace PostgreSQL in-memory store with Valkey (Redis-compatible) for
  better performance on rate limiting, distributed locks, and OAuth codes
- Add single-replica Valkey deployment with no persistence (data is transient)
- Switch liveness/readiness probes to HTTP GET /healthz/live and
  /healthz/ready on port 8080 per official Kubernetes probe documentation
- Update webadmin resource URL to use artifactapi proxy instead of direct
  GitHub download
2026-05-24 12:56:32 +10:00
parent 0d89a69c18
commit b465763302
4 changed files with 74 additions and 8 deletions
+1
@@ -12,6 +12,7 @@ resources:
- services.yaml
- stalwart-deployment.yaml
- stalwart-hpa.yaml
- valkey.yaml
- vaultauth.yaml
- vaultstaticsecret.yaml
+7 -2
@@ -67,7 +67,7 @@ permissive-cors = false
[webadmin]
path = "/var/lib/stalwart/webadmin"
auto-update = true
resource = "https://github.com/stalwartlabs/webadmin/releases/latest/download/webadmin.zip"
resource = "https://artifactapi.k8s.syd1.au.unkin.net/generic/github/stalwartlabs/webadmin/releases/latest/download/webadmin.zip"
# PostgreSQL store (via CNPG pooler)
[store."postgresql"]
@@ -104,6 +104,11 @@ compression = "lz4"
[store."s3".purge]
frequency = "30 5 *"
# Valkey in-memory store (rate limiting, locks, OAuth codes, greylisting)
[store."valkey"]
type = "redis"
urls = ["redis://stalwart-valkey.stalwart.svc.cluster.local:6379"]
# Storage assignment
[storage]
data = "postgresql"
@@ -111,7 +116,7 @@ fts = "postgresql"
blob = "s3"
lookup = "postgresql"
directory = "internal"
in-memory = "postgresql"
in-memory = "valkey"
# Directory configuration
[directory.internal]
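Review bot: The `urls` value in the new `[store."valkey"]` table is a plain `redis://` URL with no credential, and the Valkey Deployment added in the same commit starts the server without `--requirepass` or an ACL file. The store that now holds OAuth codes, locks and rate-limit counters is therefore readable and writable by any workload that can reach port 6379 on the `stalwart-valkey` Service. Unless a NetworkPolicy outside this commit already limits that, require a password on the server, hand it to Stalwart from the Vault-backed secrets the kustomization already lists rather than as a literal in this file, and restrict ingress on 6379 to the Stalwart pods. Separately, in the `[webadmin]` hunk `auto-update = true` still follows `releases/latest` through the proxy, so the bundle stays unpinned; a versioned release URL would make each webadmin update a reviewable change.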
+8 -6
@@ -66,16 +66,18 @@ spec:
name: stalwart-admin
key: password_hash
livenessProbe:
tcpSocket:
port: 25
httpGet:
path: /healthz/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
tcpSocket:
port: 25
initialDelaySeconds: 15
httpGet:
path: /healthz/ready
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 3
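Review bot: Neither probe touches port 25 any more, so a pod whose SMTP listener failed to bind stays Ready for as long as the HTTP listener on 8080 answers. Whether `/healthz/ready` reflects listener or store state is not visible in this hunk. If it also reports backing-store health, the single-replica Valkey introduced by this commit could take every Stalwart pod out of rotation at once, which is worth confirming before relying on it. The liveness `periodSeconds` also drops from 30 to 10 while `initialDelaySeconds: 30` is unchanged, so a slow start is now restarted after roughly a minute; a `startupProbe` on `/healthz/live` with a generous `failureThreshold` would separate startup from liveness. The container spec begins and continues outside this hunk.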
+58
@@ -0,0 +1,58 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: stalwart-valkey
namespace: stalwart
spec:
replicas: 1
selector:
matchLabels:
app: stalwart-valkey
template:
metadata:
labels:
app: stalwart-valkey
spec:
containers:
- name: valkey
image: valkey/valkey:8-alpine
args:
- "--save"
- ""
- "--appendonly"
- "no"
ports:
- containerPort: 6379
name: valkey
protocol: TCP
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 500m
memory: 256Mi
livenessProbe:
tcpSocket:
port: 6379
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
exec:
command: ["valkey-cli", "ping"]
initialDelaySeconds: 5
periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
name: stalwart-valkey
namespace: stalwart
spec:
selector:
app: stalwart-valkey
ports:
- port: 6379
targetPort: 6379
name: valkey
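Review bot: The `valkey` container has no `securityContext`, and its image is referenced by the floating tag `valkey/valkey:8-alpine`. The process therefore keeps the image's default user, capabilities and writable root filesystem, and the bytes that run can change without a commit. Since persistence is disabled, a non-root user with a read-only root filesystem should be workable, but verify the server still starts, and pin the image as `valkey/valkey:8-alpine@sha256:<digest-placeholder>`. The 256Mi memory limit also has no matching `--maxmemory` argument, so filling the cache would presumably end in an OOM kill that discards all locks, OAuth codes and rate-limit counters together; a `--maxmemory` below the limit makes that failure mode explicit.

```yaml
        - name: valkey
          image: valkey/valkey:8-alpine
          # … unchanged: args, ports, resources, probes …
          securityContext:
            runAsNonRoot: true
            runAsUser: <valkey-uid>  # placeholder: numeric UID of the image's valkey user, confirm against the image
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
```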