Files
argocd-apps/apps/base/stalwart/stalwart-deployment.yaml
T
unkinben b465763302 feat(stalwart): use Valkey for in-memory store, improve health probes
- Replace PostgreSQL in-memory store with Valkey (Redis-compatible) for
  better performance on rate limiting, distributed locks, and OAuth codes
- Add single-replica Valkey deployment with no persistence (data is transient)
- Switch liveness/readiness probes to HTTP GET /healthz/live and
  /healthz/ready on port 8080 per official Kubernetes probe documentation
- Update webadmin resource URL to use artifactapi proxy instead of direct
  GitHub download
2026-05-24 12:56:32 +10:00

110 lines
2.9 KiB
YAML

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: stalwart
namespace: stalwart
spec:
selector:
matchLabels:
app: stalwart
template:
metadata:
annotations:
reloader.stakater.com/auto: "true"
labels:
app: stalwart
spec:
securityContext:
runAsUser: 2000
runAsGroup: 2000
fsGroup: 2000
containers:
- name: stalwart
image: ghcr.io/stalwartlabs/stalwart:v0.16.6
ports:
- containerPort: 25
name: smtp-relay
protocol: TCP
- containerPort: 587
name: submission
protocol: TCP
- containerPort: 143
name: imap
protocol: TCP
- containerPort: 993
name: imaps
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
- containerPort: 8080
name: http-internal
protocol: TCP
- containerPort: 9090
name: metrics
protocol: TCP
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-credentials
key: password
- name: S3_ACCESS_KEY
valueFrom:
secretKeyRef:
name: s3-credentials
key: access_key
- name: S3_SECRET_KEY
valueFrom:
secretKeyRef:
name: s3-credentials
key: secret_key
- name: ADMIN_PASSWORD_HASH
valueFrom:
secretKeyRef:
name: stalwart-admin
key: password_hash
livenessProbe:
httpGet:
path: /healthz/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /healthz/ready
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 3
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: "2"
memory: 2Gi
volumeMounts:
- name: config
mountPath: /etc/stalwart/config.toml
subPath: config.toml
readOnly: true
- name: tls
mountPath: /etc/stalwart/tls
readOnly: true
- name: data
mountPath: /var/lib/stalwart
volumes:
- name: config
configMap:
name: stalwart-config
- name: tls
secret:
secretName: stalwart-tls
- name: data
emptyDir: {}