sbbb/base/stalwart/stalwart-deployment.yaml
Sienna Meridian Satterwhite 8662c79212 checkpoint: stalwart deploy, beam-design, migration scripts, config tweaks
Stalwart + Bulwark mail server deployment with OIDC, TLS cert, vault
secrets. Beam design service. Pingora config cleanup. SeaweedFS
replication fix. Kratos values tweak. Migration scripts for mbox/messages
/calendars from La Suite to Stalwart.
2026-04-06 17:52:30 +01:00


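# Deployment for the Stalwart mail server: a single replica in the `stalwart`
# namespace exposing SMTP, IMAP and ManageSieve listeners plus an HTTP port
# that also serves the liveness/readiness probes.
#
# NOTE(review): no pod- or container-level securityContext is set, so the
# container runs with the image's default user and capabilities and a writable
# root filesystem. Hardening has to account for the listeners below 1024
# (25, 143, 465, 587, 993): confirm how the image binds them before dropping
# capabilities or forcing a non-root UID.
# NOTE(review): no serviceAccountName is given, so the namespace's default
# ServiceAccount is used with its token mounted. If nothing in the pod talks
# to the Kubernetes API, `automountServiceAccountToken: false` narrows that.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: stalwart
  namespace: stalwart
spec:
  replicas: 1
  selector:
    matchLabels:
      app: stalwart
  template:
    metadata:
      labels:
        app: stalwart
    spec:
      containers:
        - name: stalwart
          # Pinned by tag only. A tag can be re-pointed in the registry;
          # appending the image digest (`...:v0.15.5@sha256:<digest>`) makes
          # the deployed content immutable.
          image: stalwartlabs/stalwart:v0.15.5
          # containerPort entries are informational; what is actually
          # reachable is decided by the Service/NetworkPolicy objects, which
          # are not part of this file. 25 and 143 are the non-implicit-TLS
          # variants of SMTP and IMAP.
          ports:
            - name: smtp
              containerPort: 25
            - name: submission
              containerPort: 587
            - name: smtps
              containerPort: 465
            - name: imap
              containerPort: 143
            - name: imaps
              containerPort: 993
            - name: managesieve
              containerPort: 4190
            - name: http
              containerPort: 8080
          # Every credential is pulled from a Secret via secretKeyRef; nothing
          # is inlined in the manifest. Values injected as environment
          # variables are inherited by child processes and readable from the
          # process environment, so for long-lived key material such as
          # DKIM_PRIVATE_KEY a read-only file mount is the narrower option if
          # the server config can read it from a path (TODO confirm).
          # Presumably config.toml references these variables; verify there.
          env:
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: stalwart-db-credentials
                  key: password
            - name: S3_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: seaweedfs-s3-credentials
                  key: S3_ACCESS_KEY
            - name: S3_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: seaweedfs-s3-credentials
                  key: S3_SECRET_KEY
            - name: ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: stalwart-app-secrets
                  key: admin-password
            - name: DKIM_PRIVATE_KEY
              valueFrom:
                secretKeyRef:
                  name: stalwart-app-secrets
                  key: dkim-private-key
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: oidc-stalwart
                  key: CLIENT_ID
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: oidc-stalwart
                  key: CLIENT_SECRET
          volumeMounts:
            # Single-file mount via subPath: the file is not refreshed when
            # the ConfigMap changes, so a config edit needs a pod restart.
            - name: config
              mountPath: /opt/stalwart/etc/config.toml
              subPath: config.toml
              readOnly: true
            # TLS certificate and private key from the stalwart-tls Secret,
            # mounted read-only. No defaultMode is set on the volume, so the
            # files get the Kubernetes default permissions.
            - name: tls
              mountPath: /etc/stalwart-tls
              readOnly: true
          # Both probes use plain HTTP on the `http` port (8080). There is no
          # startupProbe, so liveness checks begin 10 s after container start.
          livenessProbe:
            httpGet:
              path: /healthz/live
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /healthz/ready
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
          # Requests and limits are both set, which bounds what a runaway or
          # abused mail process can take from the node.
          resources:
            requests:
              memory: 256Mi
              cpu: 100m
            limits:
              memory: 1Gi
              # Quoted so the value stays a string rather than an integer.
              cpu: "1"
      # Only config and TLS material are mounted; no persistent volume is
      # declared. Presumably mail state lives in the external database and
      # S3 store referenced by the credentials above (confirm in config.toml).
      volumes:
        - name: config
          configMap:
            name: stalwart-config
        - name: tls
          secret:
            secretName: stalwart-tls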