feat(stalwart): use Valkey for in-memory store, improve health probes
- Replace PostgreSQL in-memory store with Valkey (Redis-compatible) for better performance on rate limiting, distributed locks, and OAuth codes - Add single-replica Valkey deployment with no persistence (data is transient) - Switch liveness/readiness probes to HTTP GET /healthz/live and /healthz/ready on port 8080 per official Kubernetes probe documentation - Update webadmin resource URL to use artifactapi proxy instead of direct GitHub download
This commit is contained in:
@@ -12,6 +12,7 @@ resources:
|
||||
- services.yaml
|
||||
- stalwart-deployment.yaml
|
||||
- stalwart-hpa.yaml
|
||||
- valkey.yaml
|
||||
- vaultauth.yaml
|
||||
- vaultstaticsecret.yaml
|
||||
|
||||
|
||||
@@ -67,7 +67,7 @@ permissive-cors = false
|
||||
[webadmin]
|
||||
path = "/var/lib/stalwart/webadmin"
|
||||
auto-update = true
|
||||
resource = "https://github.com/stalwartlabs/webadmin/releases/latest/download/webadmin.zip"
|
||||
resource = "https://artifactapi.k8s.syd1.au.unkin.net/generic/github/stalwartlabs/webadmin/releases/latest/download/webadmin.zip"
|
||||
|
||||
# PostgreSQL store (via CNPG pooler)
|
||||
[store."postgresql"]
|
||||
@@ -104,6 +104,11 @@ compression = "lz4"
|
||||
[store."s3".purge]
|
||||
frequency = "30 5 *"
|
||||
|
||||
# Valkey in-memory store (rate limiting, locks, OAuth codes, greylisting)
|
||||
[store."valkey"]
|
||||
type = "redis"
|
||||
urls = ["redis://stalwart-valkey.stalwart.svc.cluster.local:6379"]
|
||||
|
||||
# Storage assignment
|
||||
[storage]
|
||||
data = "postgresql"
|
||||
@@ -111,7 +116,7 @@ fts = "postgresql"
|
||||
blob = "s3"
|
||||
lookup = "postgresql"
|
||||
directory = "internal"
|
||||
in-memory = "postgresql"
|
||||
in-memory = "valkey"
|
||||
|
||||
# Directory configuration
|
||||
[directory.internal]
|
||||
|
||||
@@ -66,16 +66,18 @@ spec:
|
||||
name: stalwart-admin
|
||||
key: password_hash
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: 25
|
||||
httpGet:
|
||||
path: /healthz/live
|
||||
port: 8080
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 30
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: 25
|
||||
initialDelaySeconds: 15
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: 8080
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 3
|
||||
failureThreshold: 3
|
||||
|
||||
@@ -0,0 +1,58 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: stalwart-valkey
|
||||
namespace: stalwart
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: stalwart-valkey
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: stalwart-valkey
|
||||
spec:
|
||||
containers:
|
||||
- name: valkey
|
||||
image: valkey/valkey:8-alpine
|
||||
args:
|
||||
- "--save"
|
||||
- ""
|
||||
- "--appendonly"
|
||||
- "no"
|
||||
ports:
|
||||
- containerPort: 6379
|
||||
name: valkey
|
||||
protocol: TCP
|
||||
resources:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 64Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 256Mi
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: 6379
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
readinessProbe:
|
||||
exec:
|
||||
command: ["valkey-cli", "ping"]
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: stalwart-valkey
|
||||
namespace: stalwart
|
||||
spec:
|
||||
selector:
|
||||
app: stalwart-valkey
|
||||
ports:
|
||||
- port: 6379
|
||||
targetPort: 6379
|
||||
name: valkey
|
||||
Reference in New Issue
Block a user