Sienna Meridian Satterwhite
8662c79212
Stalwart + Bulwark mail server deployment with OIDC, TLS cert, vault secrets. Beam design service. Pingora config cleanup. SeaweedFS replication fix. Kratos values tweak. Migration scripts for mbox/messages /calendars from La Suite to Stalwart.
71 lines
1.9 KiB
YAML
71 lines
1.9 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: bulwark
|
|
namespace: stalwart
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: bulwark
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: bulwark
|
|
spec:
|
|
containers:
|
|
- name: bulwark
|
|
image: src.DOMAIN_SUFFIX/studio/bulwark:latest
|
|
ports:
|
|
- name: http
|
|
containerPort: 3000
|
|
env:
|
|
- name: JMAP_SERVER_URL
|
|
value: https://mail.DOMAIN_SUFFIX
|
|
- name: OAUTH_ENABLED
|
|
value: "true"
|
|
- name: OAUTH_ONLY
|
|
value: "true"
|
|
- name: LOG_LEVEL
|
|
value: "debug"
|
|
- name: OAUTH_SCOPES
|
|
value: "openid email profile offline_access"
|
|
- name: COOKIE_SECURE
|
|
value: "false"
|
|
- name: OAUTH_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: oidc-bulwark
|
|
key: CLIENT_ID
|
|
- name: OAUTH_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: oidc-bulwark
|
|
key: CLIENT_SECRET
|
|
- name: OAUTH_ISSUER_URL
|
|
value: https://auth.DOMAIN_SUFFIX
|
|
- name: SESSION_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: stalwart-app-secrets
|
|
key: admin-password
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: 3000
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 30
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: 3000
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
resources:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 50m
|
|
limits:
|
|
memory: 512Mi
|
|
cpu: 500m
|