diff --git a/apps/base/stalwart/kustomization.yaml b/apps/base/stalwart/kustomization.yaml index 4191dec..3335bac 100644 --- a/apps/base/stalwart/kustomization.yaml +++ b/apps/base/stalwart/kustomization.yaml @@ -12,6 +12,7 @@ resources: - services.yaml - stalwart-deployment.yaml - stalwart-hpa.yaml + - valkey.yaml - vaultauth.yaml - vaultstaticsecret.yaml diff --git a/apps/base/stalwart/resources/config.toml b/apps/base/stalwart/resources/config.toml index efff98e..af4fde3 100644 --- a/apps/base/stalwart/resources/config.toml +++ b/apps/base/stalwart/resources/config.toml @@ -67,7 +67,7 @@ permissive-cors = false [webadmin] path = "/var/lib/stalwart/webadmin" auto-update = true -resource = "https://github.com/stalwartlabs/webadmin/releases/latest/download/webadmin.zip" +resource = "https://artifactapi.k8s.syd1.au.unkin.net/generic/github/stalwartlabs/webadmin/releases/latest/download/webadmin.zip" # PostgreSQL store (via CNPG pooler) [store."postgresql"] @@ -104,6 +104,11 @@ compression = "lz4" [store."s3".purge] frequency = "30 5 *" +# Valkey in-memory store (rate limiting, locks, OAuth codes, greylisting) +[store."valkey"] +type = "redis" +urls = ["redis://stalwart-valkey.stalwart.svc.cluster.local:6379"] + # Storage assignment [storage] data = "postgresql" @@ -111,7 +116,7 @@ fts = "postgresql" blob = "s3" lookup = "postgresql" directory = "internal" -in-memory = "postgresql" +in-memory = "valkey" # Directory configuration [directory.internal] diff --git a/apps/base/stalwart/stalwart-deployment.yaml b/apps/base/stalwart/stalwart-deployment.yaml index 2b1e1e1..173898d 100644 --- a/apps/base/stalwart/stalwart-deployment.yaml +++ b/apps/base/stalwart/stalwart-deployment.yaml @@ -66,16 +66,18 @@ spec: name: stalwart-admin key: password_hash livenessProbe: - tcpSocket: - port: 25 + httpGet: + path: /healthz/live + port: 8080 initialDelaySeconds: 30 - periodSeconds: 30 + periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 readinessProbe: - tcpSocket: - port: 25 - initialDelaySeconds: 15 + httpGet: + path: /healthz/ready + port: 8080 + initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 3 failureThreshold: 3 diff --git a/apps/base/stalwart/valkey.yaml b/apps/base/stalwart/valkey.yaml new file mode 100644 index 0000000..07ab971 --- /dev/null +++ b/apps/base/stalwart/valkey.yaml @@ -0,0 +1,58 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: stalwart-valkey + namespace: stalwart +spec: + replicas: 1 + selector: + matchLabels: + app: stalwart-valkey + template: + metadata: + labels: + app: stalwart-valkey + spec: + containers: + - name: valkey + image: valkey/valkey:8-alpine + args: + - "--save" + - "" + - "--appendonly" + - "no" + ports: + - containerPort: 6379 + name: valkey + protocol: TCP + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 500m + memory: 256Mi + livenessProbe: + tcpSocket: + port: 6379 + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + exec: + command: ["valkey-cli", "ping"] + initialDelaySeconds: 5 + periodSeconds: 5 +--- +apiVersion: v1 +kind: Service +metadata: + name: stalwart-valkey + namespace: stalwart +spec: + selector: + app: stalwart-valkey + ports: + - port: 6379 + targetPort: 6379 + name: valkey