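## statefulset-litestream.yaml
## Single-replica StatefulSet for the Stalwart mail server. The SQLite files under
## /opt/stalwart-mail/data are restored by a Litestream init container before start
## and replicated by a Litestream sidecar while the pod runs.
##
## NOTE(review): no securityContext is set on the pod or on any container, so every
## container runs with the image's default user and capabilities. Tighten this once
## the images' requirements are known (the init scripts call `apk add`, and the mail
## server listens on ports below 1024) — confirm against the images before changing.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  ## The anchor lets serviceName reuse the same value below.
  name: &name stalwart
  labels: {}
spec:
  replicas: 1
  serviceName: *name
  selector:
    ## NOTE(review): empty here and in template.metadata.labels; presumably an overlay
    ## (e.g. kustomize) injects the labels. The API server rejects a StatefulSet with
    ## an empty selector, so this manifest is not meant to be applied as-is — confirm.
    matchLabels: {}
  template:
    metadata:
      labels: {}
    spec:
      initContainers:
        - name: litestream-init
          ## NOTE(review): ':latest' is a mutable tag. Pin a released version or an
          ## image digest so a pod restart cannot silently pull a different build.
          image: litestream/litestream:latest
          command:
            - /bin/sh
            - -c
            - |
              set -ex
              ## Install required tools
              ## NOTE(review): installs an unpinned package at every pod start; the
              ## restore therefore depends on reaching the package mirror. Baking yq
              ## into the image removes that dependency.
              apk add yq
              ## Try to restore databases
              ## Restores only when the local file is missing and a replica exists.
              DATABASES=$(yq '.dbs[].path' /etc/litestream.yml)
              for db in $DATABASES; do
                litestream restore -if-db-not-exists -if-replica-exists "$db"
              done
          ## Shared with the litestream sidecar through the anchors defined here.
          volumeMounts: &litestreamVolumeMounts
            - name: mail-data
              mountPath: /opt/stalwart-mail/data
            - name: litestream
              mountPath: /etc/litestream.yml
              subPath: litestream.yml
          envFrom: &litestreamEnvFrom
            ## Keys are exposed as LITESTREAM_ACCESS_KEY_ID / LITESTREAM_SECRET_ACCESS_KEY.
            - prefix: LITESTREAM_
              secretRef:
                ## kubectl -n stalwart create secret generic litestream-s3 --from-literal=ACCESS_KEY_ID=value --from-literal=SECRET_ACCESS_KEY=value
                ## NOTE(review): --from-literal leaves the value in shell history;
                ## --from-env-file or --from-file avoids that.
                name: litestream-s3
          resources: &litestreamResources
            limits:
              cpu: "500m"
              memory: "256Mi"
        - name: mail-server-init
          image: alpine:3.19
          imagePullPolicy: IfNotPresent
          ## NOTE(review): unlike the other containers, no resources are declared here.
          command:
            - /bin/sh
            - -c
            - |
              set -ex
              ## Install required tools
              apk add jq
              ## Deploy spamfilter config
              ## NOTE(review): the archive is fetched at pod start and unpacked without
              ## any checksum or signature check, and with STALWART_TAG=latest the tag
              ## itself is resolved from the GitHub API at run time. Pin STALWART_TAG
              ## and verify the download against a known digest before unpacking.
              [[ "$STALWART_TAG" == "latest" ]] && STALWART_TAG=
              STALWART_TAG=${STALWART_TAG:-$(wget https://api.github.com/repos/stalwartlabs/mail-server/releases/latest -O - | jq -r '.tag_name')}
              wget "https://github.com/stalwartlabs/mail-server/raw/$STALWART_TAG/resources/config.zip"
              ## The pattern is quoted so unzip matches it against archive members
              ## instead of the shell expanding it in the working directory.
              unzip -o config.zip 'spamfilter/*' -d /opt/stalwart-mail/etc/
              ## Create directories
              for d in bin data/blobs logs queue reports; do
                mkdir -p "/opt/stalwart-mail/$d"
              done
              ## Copy bootstrap data
              ## Tracing is switched off around the loop and back on for the gunzip only.
              { set +x; } 2>/dev/null
              echo "Bootstrap data:"
              for f in $(find /tmp/bootstrap -name '*.sqlite3.gz' -type f); do
                f=${f##*/}
                DST=/opt/stalwart-mail/data/${f%.*}
                ## Existing databases are never overwritten by bootstrap data.
                if [[ ! -f "$DST" ]]; then
                  set -x
                  gunzip -d "/tmp/bootstrap/$f" -c > "$DST"
                  { set +x; } 2>/dev/null
                else
                  echo "'$DST' already exists"
                fi
              done
          env:
            - name: STALWART_TAG
              value: latest
          volumeMounts:
            - name: basedir
              mountPath: /opt/stalwart-mail
            - name: mail-data
              mountPath: /opt/stalwart-mail/data
            - name: bootstrap
              mountPath: /tmp/bootstrap
      containers:
        - name: mail-server
          ## NOTE(review): ':latest' combined with IfNotPresent means a node keeps
          ## whichever build it cached first; pin a version or digest.
          image: stalwartlabs/mail-server:latest
          imagePullPolicy: IfNotPresent
          ports:
            - name: smtp
              containerPort: 25
            - name: smtps
              containerPort: 465
            - name: submission
              containerPort: 587
            - name: imap
              containerPort: 143
            - name: imaps
              containerPort: 993
            - name: sieve
              containerPort: 4190
            - name: http
              containerPort: 8080
          env: []
          envFrom:
            - secretRef:
                ## kubectl -n stalwart create secret generic jmap-oauth --from-literal=OAUTH_KEY=$(yq '.oauth.key' etc/jmap/oauth.toml)
                name: jmap-oauth
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 2000m
              memory: 512Mi
          volumeMounts:
            - name: basedir
              mountPath: /opt/stalwart-mail
            - name: mail-data
              mountPath: /opt/stalwart-mail/data
            - name: dkim
              mountPath: /opt/stalwart-mail/etc/dkim
            - name: certs
              mountPath: /opt/stalwart-mail/etc/certs
        - name: litestream
          ## NOTE(review): same mutable ':latest' tag as the init container; pin both
          ## to the same version or digest so restore and replicate stay compatible.
          image: litestream/litestream:latest
          args:
            - replicate
          volumeMounts: *litestreamVolumeMounts
          envFrom: *litestreamEnvFrom
          resources: *litestreamResources
          ports:
            ## Presumably Litestream's metrics listener; it has to be enabled in
            ## litestream.yml, which is not part of this manifest — confirm.
            - name: metrics
              containerPort: 9090
      restartPolicy: Always
      volumes:
        ## emptyDir: everything under /opt/stalwart-mail outside the mounted
        ## sub-paths is recreated by mail-server-init on each pod start.
        - name: basedir
          emptyDir: {}
        - name: bootstrap
          secret:
            secretName: stalwart-bootstrap
        ## NOTE(review): no container in this manifest mounts the 'config' volume.
        - name: config
          configMap:
            name: stalwart
        - name: dkim
          secret:
            secretName: dkim
        - name: mail-data
          persistentVolumeClaim:
            claimName: mail-data
        - name: litestream
          configMap:
            name: litestream
        - name: certs
          secret:
            secretName: stalwart-tls
      nodeSelector: {}
      tolerations: []
  volumeClaimTemplates:
    - metadata:
        name: mail-data
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        storageClassName: standard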