fix(postfix): use hash: transport_maps with postmap init container

- Splits hash-type map files into a separate postfix-maps ConfigMap
- Adds postmap init container that builds .db files from all maps into
  a postfix-db emptyDir, which is then subPath-mounted per map in the
  main container
- Updates transport_maps in main.cf to hash:/etc/postfix/transport
2026-05-24 20:38:27 +10:00
parent ebc21b9fa1
commit 5b3058e75e
3 changed files with 31 additions and 8 deletions
+4
@@ -20,6 +20,10 @@ configMapGenerator:
files: files:
- main.cf=resources/postfix/main.cf - main.cf=resources/postfix/main.cf
- master.cf=resources/postfix/master.cf - master.cf=resources/postfix/master.cf
options:
disableNameSuffixHash: true
- name: postfix-maps
files:
- transport=resources/postfix/transport - transport=resources/postfix/transport
options: options:
disableNameSuffixHash: true disableNameSuffixHash: true
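Review bot: `disableNameSuffixHash: true` on the new `postfix-maps` generator means an edit to `resources/postfix/transport` keeps the same ConfigMap name, so the pod template does not change and no rollout is triggered. Per the commit description the `.db` file is built only by an init container at pod start, so a running pod would presumably keep routing mail with the old table until it is restarted. Either drop the `options:` block for this generator so the name carries a content hash, or record the constraint with a comment above it, for example `# transport edits need a rollout restart: the .db is built at pod start`. The generator list begins outside this hunk, so any other entries were not reviewed.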
+26 -6
@@ -15,6 +15,24 @@ spec:
labels: labels:
app: postfix app: postfix
spec: spec:
initContainers:
- name: postmap
image: tozd/postfix:alpine-322
command: ["/bin/sh", "-c"]
args:
- |
for f in /etc/postfix/maps/*; do
base=$(basename "$f")
cp "$f" /tmp/"$base"
postmap hash:/tmp/"$base"
cp /tmp/"${base}.db" /etc/postfix/db/
done
volumeMounts:
- name: postfix-maps
mountPath: /etc/postfix/maps
readOnly: true
- name: postfix-db
mountPath: /etc/postfix/db
containers: containers:
- name: postfix - name: postfix
image: tozd/postfix:alpine-322 image: tozd/postfix:alpine-322
@@ -57,27 +75,29 @@ spec:
cpu: "1" cpu: "1"
memory: 512Mi memory: 512Mi
volumeMounts: volumeMounts:
# Mount main.cf and master.cf from ConfigMap using subPath
- name: postfix-config - name: postfix-config
mountPath: /etc/postfix/main.cf mountPath: /etc/postfix/main.cf
subPath: main.cf subPath: main.cf
- name: postfix-config - name: postfix-config
mountPath: /etc/postfix/master.cf mountPath: /etc/postfix/master.cf
subPath: master.cf subPath: master.cf
- name: postfix-config - name: postfix-db
mountPath: /etc/postfix/transport mountPath: /etc/postfix/transport.db
subPath: transport subPath: transport.db
# TLS cert from cert-manager Certificate resource
- name: postfix-tls - name: postfix-tls
mountPath: /etc/postfix/tls mountPath: /etc/postfix/tls
readOnly: true readOnly: true
# Persistent mail queue
- name: spool - name: spool
mountPath: /var/spool/postfix mountPath: /var/spool/postfix
volumes: volumes:
- name: postfix-config - name: postfix-config
configMap: configMap:
name: postfix-config name: postfix-config
- name: postfix-maps
configMap:
name: postfix-maps
- name: postfix-db
emptyDir: {}
- name: postfix-tls - name: postfix-tls
secret: secret:
secretName: postfix-smtp-tls secretName: postfix-smtp-tls
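Review bot: The `postmap` init script runs without `set -e`, so a failed `postmap` or `cp` for any map other than the last one in the loop is masked and the init container can still exit 0. The main container then subPath-mounts `transport.db` from the `postfix-db` emptyDir, and a missing file would likely surface as an empty directory at `/etc/postfix/transport.db` rather than a clear startup failure. Make `set -eu` the first line of the script so the pod stays in init on any error. The new `postfix-db` mount in the `postfix` container should also get `readOnly: true`, since the running MTA only needs to read the compiled routing table. The pod spec continues outside these hunks, so any securityContext settings were not visible.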
@@ -13,9 +13,8 @@ alias_maps =
alias_database = alias_database =
# Relay inbound mail for these domains to Stalwart # Relay inbound mail for these domains to Stalwart
# texthash: reads plain text without requiring postmap (Alpine has no hash/btree)
relay_domains = main.unkin.net unkin.net relay_domains = main.unkin.net unkin.net
transport_maps = texthash:/etc/postfix/transport transport_maps = hash:/etc/postfix/transport
# rspamd milter (same namespace — short DNS name resolves) # rspamd milter (same namespace — short DNS name resolves)
smtpd_milters = inet:rspamd:11332 smtpd_milters = inet:rspamd:11332