studio/sbbb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8662c792124576a3200ba4232f0f7d31291c39bf
sbbb/base/stalwart/stalwart-deployment.yaml
Sienna Meridian Satterwhite 8662c79212 checkpoint: stalwart deploy, beam-design, migration scripts, config tweaks 
Stalwart + Bulwark mail server deployment with OIDC, TLS cert, vault
secrets. Beam design service. Pingora config cleanup. SeaweedFS
replication fix. Kratos values tweak. Migration scripts for mbox/messages
/calendars from La Suite to Stalwart.
2026-04-06 17:52:30 +01:00

104 lines
2.8 KiB
YAML
Raw Blame History

apiVersion: apps/v1
kind: Deployment
metadata:
name: stalwart
namespace: stalwart
spec:
replicas: 1
selector:
matchLabels:
app: stalwart
template:
metadata:
labels:
app: stalwart
spec:
containers:
- name: stalwart
image: stalwartlabs/stalwart:v0.15.5
ports:
- name: smtp
containerPort: 25
- name: submission
containerPort: 587
- name: smtps
containerPort: 465
- name: imap
containerPort: 143
- name: imaps
containerPort: 993
- name: managesieve
containerPort: 4190
- name: http
containerPort: 8080
env:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: stalwart-db-credentials
key: password
- name: S3_ACCESS_KEY
valueFrom:
secretKeyRef:
name: seaweedfs-s3-credentials
key: S3_ACCESS_KEY
- name: S3_SECRET_KEY
valueFrom:
secretKeyRef:
name: seaweedfs-s3-credentials
key: S3_SECRET_KEY
- name: ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: stalwart-app-secrets
key: admin-password
- name: DKIM_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: stalwart-app-secrets
key: dkim-private-key
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: oidc-stalwart
key: CLIENT_ID
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: oidc-stalwart
key: CLIENT_SECRET
volumeMounts:
- name: config
mountPath: /opt/stalwart/etc/config.toml
subPath: config.toml
readOnly: true
- name: tls
mountPath: /etc/stalwart-tls
readOnly: true
livenessProbe:
httpGet:
path: /healthz/live
port: 8080
initialDelaySeconds: 10
periodSeconds: 30
readinessProbe:
httpGet:
path: /healthz/ready
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
resources:
requests:
memory: 256Mi
cpu: 100m
limits:
memory: 1Gi
cpu: "1"
volumes:
- name: config
configMap:
name: stalwart-config
- name: tls
secret:
secretName: stalwart-tls
Reference in New Issue View Git Blame Copy Permalink