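---
# Postfix SMTP gateway Deployment for the mailgateway namespace.
# Configuration (main.cf, master.cf, transport) comes from the postfix-config
# ConfigMap; the TLS key pair comes from the postfix-smtp-tls Secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postfix
  namespace: mailgateway
spec:
  selector:
    matchLabels:
      app: postfix
  template:
    metadata:
      annotations:
        # Stakater Reloader restarts the pods whenever a ConfigMap or Secret
        # referenced by this template changes. That includes certificate
        # renewals, and each restart discards the emptyDir mail queue below.
        reloader.stakater.com/auto: "true"
      labels:
        app: postfix
    spec:
      containers:
        - name: postfix
          # NOTE(review): the tag is mutable; pinning by digest
          # (tozd/postfix:alpine-322@sha256:<digest>) makes the deployed
          # image reproducible and auditable.
          image: tozd/postfix:alpine-322
          ports:
            - containerPort: 25
              name: smtp
              protocol: TCP
            # NOTE(review): master.cf is not visible here; confirm that the
            # submission service requires TLS and authentication.
            - containerPort: 587
              name: submission
              protocol: TCP
          env:
            # Keep these in sync with main.cf so the tozd startup postconf
            # calls are no-ops
            - name: MAILNAME
              value: "mail.main.unkin.net"
            # NOTE(review): presumably applied as Postfix mynetworks. This
            # list covers every RFC 1918 range, so any client that reaches the
            # pod from a private address (including traffic source-NATed by a
            # Service or load balancer) counts as trusted wherever main.cf
            # uses permit_mynetworks. Narrow it to the real client CIDRs and
            # restrict ingress with a NetworkPolicy; confirm against main.cf.
            - name: MY_NETWORKS
              value: "127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
            - name: MY_DESTINATION
              value: "localhost.localdomain, localhost"
            - name: LOG_TO_STDOUT
              value: "1"
          # Both probes only check that port 25 accepts a TCP connection;
          # they do not exercise the SMTP dialogue or port 587.
          livenessProbe:
            tcpSocket:
              port: 25
            initialDelaySeconds: 30
            periodSeconds: 30
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            tcpSocket:
              port: 25
            initialDelaySeconds: 15
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 3
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: "1"
              memory: 512Mi
          volumeMounts:
            # Mount main.cf, master.cf and transport from the ConfigMap using
            # subPath. subPath mounts are not refreshed in a running pod when
            # the ConfigMap changes, so edits only take effect after a restart
            # (triggered here by the Reloader annotation).
            - name: postfix-config
              mountPath: /etc/postfix/main.cf
              subPath: main.cf
            - name: postfix-config
              mountPath: /etc/postfix/master.cf
              subPath: master.cf
            - name: postfix-config
              mountPath: /etc/postfix/transport
              subPath: transport
            # TLS cert from cert-manager Certificate resource
            - name: postfix-tls
              mountPath: /etc/postfix/tls
              readOnly: true
            # Mail queue (backed by an emptyDir, see volumes: not persistent)
            - name: spool
              mountPath: /var/spool/postfix
      volumes:
        - name: postfix-config
          configMap:
            name: postfix-config
        - name: postfix-tls
          secret:
            secretName: postfix-smtp-tls
        # emptyDir lives and dies with the pod: the queue survives container
        # restarts but is lost when the pod is deleted, evicted or replaced by
        # a rollout. Use a PersistentVolumeClaim if deferred mail must survive.
        - name: spool
          emptyDir: {}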