fix(postfix): use hash: transport_maps with postmap init container

- Splits hash-type map files into a separate postfix-maps ConfigMap
- Adds postmap init container that builds .db files from all maps into
  a postfix-db emptyDir, which is then subPath-mounted per map in the
  main container
- Updates transport_maps in main.cf to hash:/etc/postfix/transport
This commit is contained in:
2026-05-24 20:38:27 +10:00
parent ebc21b9fa1
commit 5b3058e75e
3 changed files with 31 additions and 8 deletions
+4
View File
@@ -20,6 +20,10 @@ configMapGenerator:
files:
- main.cf=resources/postfix/main.cf
- master.cf=resources/postfix/master.cf
options:
disableNameSuffixHash: true
- name: postfix-maps
files:
- transport=resources/postfix/transport
options:
disableNameSuffixHash: true
+26 -6
View File
@@ -15,6 +15,24 @@ spec:
labels:
app: postfix
spec:
initContainers:
- name: postmap
image: tozd/postfix:alpine-322
command: ["/bin/sh", "-c"]
args:
- |
for f in /etc/postfix/maps/*; do
base=$(basename "$f")
cp "$f" /tmp/"$base"
postmap hash:/tmp/"$base"
cp /tmp/"${base}.db" /etc/postfix/db/
done
volumeMounts:
- name: postfix-maps
mountPath: /etc/postfix/maps
readOnly: true
- name: postfix-db
mountPath: /etc/postfix/db
containers:
- name: postfix
image: tozd/postfix:alpine-322
@@ -57,27 +75,29 @@ spec:
cpu: "1"
memory: 512Mi
volumeMounts:
# Mount main.cf and master.cf from ConfigMap using subPath
- name: postfix-config
mountPath: /etc/postfix/main.cf
subPath: main.cf
- name: postfix-config
mountPath: /etc/postfix/master.cf
subPath: master.cf
- name: postfix-config
mountPath: /etc/postfix/transport
subPath: transport
# TLS cert from cert-manager Certificate resource
- name: postfix-db
mountPath: /etc/postfix/transport.db
subPath: transport.db
- name: postfix-tls
mountPath: /etc/postfix/tls
readOnly: true
# Persistent mail queue
- name: spool
mountPath: /var/spool/postfix
volumes:
- name: postfix-config
configMap:
name: postfix-config
- name: postfix-maps
configMap:
name: postfix-maps
- name: postfix-db
emptyDir: {}
- name: postfix-tls
secret:
secretName: postfix-smtp-tls
@@ -13,9 +13,8 @@ alias_maps =
alias_database =
# Relay inbound mail for these domains to Stalwart
# texthash: reads plain text without requiring postmap (Alpine has no hash/btree)
relay_domains = main.unkin.net unkin.net
transport_maps = texthash:/etc/postfix/transport
transport_maps = hash:/etc/postfix/transport
# rspamd milter (same namespace — short DNS name resolves)
smtpd_milters = inet:rspamd:11332