fix(postfix): use hash: transport_maps with postmap init container
- Splits hash-type map files into a separate postfix-maps ConfigMap - Adds postmap init container that builds .db files from all maps into a postfix-db emptyDir, which is then subPath-mounted per map in the main container - Updates transport_maps in main.cf to hash:/etc/postfix/transport
This commit is contained in:
@@ -20,6 +20,10 @@ configMapGenerator:
|
|||||||
files:
|
files:
|
||||||
- main.cf=resources/postfix/main.cf
|
- main.cf=resources/postfix/main.cf
|
||||||
- master.cf=resources/postfix/master.cf
|
- master.cf=resources/postfix/master.cf
|
||||||
|
options:
|
||||||
|
disableNameSuffixHash: true
|
||||||
|
- name: postfix-maps
|
||||||
|
files:
|
||||||
- transport=resources/postfix/transport
|
- transport=resources/postfix/transport
|
||||||
options:
|
options:
|
||||||
disableNameSuffixHash: true
|
disableNameSuffixHash: true
|
||||||
|
|||||||
@@ -15,6 +15,24 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
app: postfix
|
app: postfix
|
||||||
spec:
|
spec:
|
||||||
|
initContainers:
|
||||||
|
- name: postmap
|
||||||
|
image: tozd/postfix:alpine-322
|
||||||
|
command: ["/bin/sh", "-c"]
|
||||||
|
args:
|
||||||
|
- |
|
||||||
|
for f in /etc/postfix/maps/*; do
|
||||||
|
base=$(basename "$f")
|
||||||
|
cp "$f" /tmp/"$base"
|
||||||
|
postmap hash:/tmp/"$base"
|
||||||
|
cp /tmp/"${base}.db" /etc/postfix/db/
|
||||||
|
done
|
||||||
|
volumeMounts:
|
||||||
|
- name: postfix-maps
|
||||||
|
mountPath: /etc/postfix/maps
|
||||||
|
readOnly: true
|
||||||
|
- name: postfix-db
|
||||||
|
mountPath: /etc/postfix/db
|
||||||
containers:
|
containers:
|
||||||
- name: postfix
|
- name: postfix
|
||||||
image: tozd/postfix:alpine-322
|
image: tozd/postfix:alpine-322
|
||||||
@@ -57,27 +75,29 @@ spec:
|
|||||||
cpu: "1"
|
cpu: "1"
|
||||||
memory: 512Mi
|
memory: 512Mi
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
# Mount main.cf and master.cf from ConfigMap using subPath
|
|
||||||
- name: postfix-config
|
- name: postfix-config
|
||||||
mountPath: /etc/postfix/main.cf
|
mountPath: /etc/postfix/main.cf
|
||||||
subPath: main.cf
|
subPath: main.cf
|
||||||
- name: postfix-config
|
- name: postfix-config
|
||||||
mountPath: /etc/postfix/master.cf
|
mountPath: /etc/postfix/master.cf
|
||||||
subPath: master.cf
|
subPath: master.cf
|
||||||
- name: postfix-config
|
- name: postfix-db
|
||||||
mountPath: /etc/postfix/transport
|
mountPath: /etc/postfix/transport.db
|
||||||
subPath: transport
|
subPath: transport.db
|
||||||
# TLS cert from cert-manager Certificate resource
|
|
||||||
- name: postfix-tls
|
- name: postfix-tls
|
||||||
mountPath: /etc/postfix/tls
|
mountPath: /etc/postfix/tls
|
||||||
readOnly: true
|
readOnly: true
|
||||||
# Persistent mail queue
|
|
||||||
- name: spool
|
- name: spool
|
||||||
mountPath: /var/spool/postfix
|
mountPath: /var/spool/postfix
|
||||||
volumes:
|
volumes:
|
||||||
- name: postfix-config
|
- name: postfix-config
|
||||||
configMap:
|
configMap:
|
||||||
name: postfix-config
|
name: postfix-config
|
||||||
|
- name: postfix-maps
|
||||||
|
configMap:
|
||||||
|
name: postfix-maps
|
||||||
|
- name: postfix-db
|
||||||
|
emptyDir: {}
|
||||||
- name: postfix-tls
|
- name: postfix-tls
|
||||||
secret:
|
secret:
|
||||||
secretName: postfix-smtp-tls
|
secretName: postfix-smtp-tls
|
||||||
|
|||||||
@@ -13,9 +13,8 @@ alias_maps =
|
|||||||
alias_database =
|
alias_database =
|
||||||
|
|
||||||
# Relay inbound mail for these domains to Stalwart
|
# Relay inbound mail for these domains to Stalwart
|
||||||
# texthash: reads plain text without requiring postmap (Alpine has no hash/btree)
|
|
||||||
relay_domains = main.unkin.net unkin.net
|
relay_domains = main.unkin.net unkin.net
|
||||||
transport_maps = texthash:/etc/postfix/transport
|
transport_maps = hash:/etc/postfix/transport
|
||||||
|
|
||||||
# rspamd milter (same namespace — short DNS name resolves)
|
# rspamd milter (same namespace — short DNS name resolves)
|
||||||
smtpd_milters = inet:rspamd:11332
|
smtpd_milters = inet:rspamd:11332
|
||||||
|
|||||||
Reference in New Issue
Block a user