apiVersion: apps/v1 kind: Deployment metadata: name: stalwart namespace: stalwart spec: replicas: 1 selector: matchLabels: app: stalwart template: metadata: labels: app: stalwart spec: containers: - name: stalwart image: stalwartlabs/stalwart:v0.15.5 ports: - name: smtp containerPort: 25 - name: submission containerPort: 587 - name: smtps containerPort: 465 - name: imap containerPort: 143 - name: imaps containerPort: 993 - name: managesieve containerPort: 4190 - name: http containerPort: 8080 env: - name: DB_PASSWORD valueFrom: secretKeyRef: name: stalwart-db-credentials key: password - name: S3_ACCESS_KEY valueFrom: secretKeyRef: name: seaweedfs-s3-credentials key: S3_ACCESS_KEY - name: S3_SECRET_KEY valueFrom: secretKeyRef: name: seaweedfs-s3-credentials key: S3_SECRET_KEY - name: ADMIN_PASSWORD valueFrom: secretKeyRef: name: stalwart-app-secrets key: admin-password - name: DKIM_PRIVATE_KEY valueFrom: secretKeyRef: name: stalwart-app-secrets key: dkim-private-key - name: OIDC_CLIENT_ID valueFrom: secretKeyRef: name: oidc-stalwart key: CLIENT_ID - name: OIDC_CLIENT_SECRET valueFrom: secretKeyRef: name: oidc-stalwart key: CLIENT_SECRET volumeMounts: - name: config mountPath: /opt/stalwart/etc/config.toml subPath: config.toml readOnly: true - name: tls mountPath: /etc/stalwart-tls readOnly: true livenessProbe: httpGet: path: /healthz/live port: 8080 initialDelaySeconds: 10 periodSeconds: 30 readinessProbe: httpGet: path: /healthz/ready port: 8080 initialDelaySeconds: 5 periodSeconds: 10 resources: requests: memory: 256Mi cpu: 100m limits: memory: 1Gi cpu: "1" volumes: - name: config configMap: name: stalwart-config - name: tls secret: secretName: stalwart-tls