--- apiVersion: apps/v1 kind: Deployment metadata: name: stalwart namespace: stalwart spec: selector: matchLabels: app: stalwart template: metadata: annotations: reloader.stakater.com/auto: "true" labels: app: stalwart spec: securityContext: runAsUser: 2000 runAsGroup: 2000 fsGroup: 2000 containers: - name: stalwart image: ghcr.io/stalwartlabs/stalwart:v0.16.6 ports: - containerPort: 25 name: smtp-relay protocol: TCP - containerPort: 587 name: submission protocol: TCP - containerPort: 143 name: imap protocol: TCP - containerPort: 993 name: imaps protocol: TCP - containerPort: 443 name: https protocol: TCP - containerPort: 8080 name: http-internal protocol: TCP - containerPort: 9090 name: metrics protocol: TCP env: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: postgres-credentials key: password - name: S3_ACCESS_KEY valueFrom: secretKeyRef: name: s3-credentials key: access_key - name: S3_SECRET_KEY valueFrom: secretKeyRef: name: s3-credentials key: secret_key - name: ADMIN_PASSWORD_HASH valueFrom: secretKeyRef: name: stalwart-admin key: password_hash livenessProbe: httpGet: path: /healthz/live port: 8080 initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 readinessProbe: httpGet: path: /healthz/ready port: 8080 initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 3 failureThreshold: 3 resources: requests: cpu: 250m memory: 512Mi limits: cpu: "2" memory: 2Gi volumeMounts: - name: config mountPath: /etc/stalwart/config.toml subPath: config.toml readOnly: true - name: tls mountPath: /etc/stalwart/tls readOnly: true - name: data mountPath: /var/lib/stalwart volumes: - name: config configMap: name: stalwart-config - name: tls secret: secretName: stalwart-tls - name: data emptyDir: {}