b465763302
- Replace PostgreSQL in-memory store with Valkey (Redis-compatible) for better performance on rate limiting, distributed locks, and OAuth codes
- Add single-replica Valkey deployment with no persistence (data is transient)
- Switch liveness/readiness probes to HTTP GET /healthz/live and /healthz/ready on port 8080 per official Kubernetes probe documentation
- Update webadmin resource URL to use artifactapi proxy instead of direct GitHub download
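---
# Deployment for the Stalwart mail server pod in the `stalwart` namespace.
# Credentials are injected from Secrets, configuration from a ConfigMap, and
# the data directory is an emptyDir (see the note on the `data` volume).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: stalwart
  namespace: stalwart
spec:
  selector:
    matchLabels:
      app: stalwart
  template:
    metadata:
      annotations:
        # Stakater Reloader: roll the pod when a referenced ConfigMap or
        # Secret changes, so rotated credentials and TLS material are used.
        reloader.stakater.com/auto: "true"
      labels:
        app: stalwart
    spec:
      securityContext:
        # Enforce the non-root intent of runAsUser: the kubelet refuses to
        # start a container that would resolve to UID 0.
        runAsNonRoot: true
        runAsUser: 2000
        runAsGroup: 2000
        # Mounted volumes are made group-accessible to GID 2000.
        fsGroup: 2000
      containers:
        - name: stalwart
          # NOTE(review): the image is pinned by tag only. Tags are mutable;
          # pinning by digest (…:v0.16.6@sha256:<digest>) makes the deployed
          # artifact immutable and auditable.
          image: ghcr.io/stalwartlabs/stalwart:v0.16.6
          # NOTE(review): no container-level securityContext is set.
          # allowPrivilegeEscalation: false, capabilities.drop: [ALL],
          # readOnlyRootFilesystem and a RuntimeDefault seccompProfile are
          # worth adding, but first confirm how UID 2000 binds the ports
          # below 1024 listed here (25, 143, 443, 587, 993). If that relies
          # on file capabilities on the binary rather than the runtime's
          # unprivileged-port setting, those options would break startup.
          ports:
            - containerPort: 25
              name: smtp-relay
              protocol: TCP
            - containerPort: 587
              name: submission
              protocol: TCP
            - containerPort: 143
              name: imap
              protocol: TCP
            - containerPort: 993
              name: imaps
              protocol: TCP
            - containerPort: 443
              name: https
              protocol: TCP
            # NOTE(review): 8080 (health endpoints) and 9090 (metrics) look
            # like internal-only listeners. Confirm the Service and any
            # NetworkPolicy (not shown here) do not expose them externally.
            - containerPort: 8080
              name: http-internal
              protocol: TCP
            - containerPort: 9090
              name: metrics
              protocol: TCP
          # Credentials come from Secrets rather than literals in the
          # manifest. They are still visible in the process environment to
          # anyone who can exec into the pod; file-mounted Secrets are the
          # tighter alternative if the application supports them.
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-credentials
                  key: password
            - name: S3_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: s3-credentials
                  key: access_key
            - name: S3_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: s3-credentials
                  key: secret_key
            - name: ADMIN_PASSWORD_HASH
              valueFrom:
                secretKeyRef:
                  name: stalwart-admin
                  key: password_hash
          # Both probes use plain HTTP on the http-internal port (8080).
          livenessProbe:
            httpGet:
              path: /healthz/live
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /healthz/ready
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 3
          # Limits bound the CPU and memory one pod can consume.
          resources:
            requests:
              cpu: 250m
              memory: 512Mi
            limits:
              cpu: "2"
              memory: 2Gi
          volumeMounts:
            # subPath mounts only config.toml from the ConfigMap.
            - name: config
              mountPath: /etc/stalwart/config.toml
              subPath: config.toml
              readOnly: true
            - name: tls
              mountPath: /etc/stalwart/tls
              readOnly: true
            - name: data
              mountPath: /var/lib/stalwart
      volumes:
        - name: config
          configMap:
            name: stalwart-config
        - name: tls
          secret:
            secretName: stalwart-tls
        # emptyDir is deleted with the pod. Presumably all durable state
        # lives in the external stores the env vars point at (PostgreSQL,
        # S3) - TODO confirm nothing under /var/lib/stalwart must survive a
        # reschedule.
        - name: data
          emptyDir: {}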