Files
argocd-apps/apps/base/mailgateway/rspamd-hpa.yaml
T
unkinben b09cd1628d feat(postfix): deploy postfix MTA and rspamd spam filter
- mailgateway namespace with Deployment + HPA (2-6 replicas)
- rspamd Deployment + HPA (2-6 replicas) with milter interface
- postfix configured to relay inbound mail to stalwart via transport maps
- rspamd milter on port 11332 for spam scanning and DKIM signing
- DKIM keys stored in Vault at kubernetes/namespace/mailgateway/default/dkim-keys
- TLS cert via cert-manager (vault-issuer) for mail.main.unkin.net
- rspamd web UI exposed via Traefik Gateway at rspamd.k8s.syd1.au.unkin.net
- postfix external LoadBalancer service for inbound MX on port 25
- Add full main.cf and master.cf as ConfigMap resources mounted via subPath
  - main.cf: relay-only gateway config, texthash: transport maps, rspamd milter
  - master.cf: standard smtp + submission (587, TLS required) + internal processes
- MAILNAME/MY_NETWORKS/MY_DESTINATION env vars kept in sync with main.cf
- LOG_TO_STDOUT=1 for k8s log collection
2026-05-24 12:46:28 +10:00

39 lines
785 B
YAML

---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: rspamd-hpa
namespace: mailgateway
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: rspamd
minReplicas: 2
maxReplicas: 6
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
behavior:
scaleUp:
stabilizationWindowSeconds: 0
selectPolicy: Max
policies:
- type: Percent
value: 100
periodSeconds: 30
- type: Pods
value: 4
periodSeconds: 30
scaleDown:
stabilizationWindowSeconds: 300
selectPolicy: Min
policies:
- type: Percent
value: 30
periodSeconds: 60