diff --git a/helm/templates/postfix-deployment.yaml b/helm/templates/postfix-deployment.yaml
index 6c9e35d..ea4469a 100644
--- a/helm/templates/postfix-deployment.yaml
+++ b/helm/templates/postfix-deployment.yaml
@@ -1,289 +1,296 @@
{{- if .Values.postfix.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
alpha.image.policy.openshift.io/resolve-names: '*'
labels:
app: postfix
app.kubernetes.io/name: postfix
app.kubernetes.io/part-of: kolab-app
name: postfix
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: postfix
strategy:
type: Recreate
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/kolab-configmap.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/kolab-secret.yaml") . | sha256sum }}
labels:
app: postfix
spec:
# Allows to run as root
{{- if .Values.openshift }}
serviceAccountName: postfixserviceaccount
{{- end }}
volumes:
- name: postfix-spool
persistentVolumeClaim:
claimName: postfix-spool
- name: postfix-lib
persistentVolumeClaim:
claimName: postfix-lib
- name: kolab-cert
secret:
{{- $secretName := include "kolab.tlsSecretName" . }}
secretName: {{ default .Values.postfix.tlsSecretName $secretName }}
- name: amavis-spool
persistentVolumeClaim:
claimName: amavis-spool
- name: spamassassin-lib
persistentVolumeClaim:
claimName: spamassassin-lib
- name: clamav-lib
persistentVolumeClaim:
claimName: clamav-lib
- name: dkim-cert
secret:
secretName: dkim-cert
- name: postfix-scripts
configMap:
name: postfix-scripts
defaultMode: 0777
{{- if .Values.image.pullSecret }}
imagePullSecrets:
- name: registry-pull-secret
{{- end }}
containers:
- name: postfix
image: {{ .Values.image.postfixImage }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- toYaml .Values.postfix.resources | nindent 10 }}
securityContext:
runAsNonRoot: false
# Postfix insists on running as root
runAsUser: 0
startupProbe:
exec:
command:
- /bin/sh
- -c
- test -e /run/saslauthd/mux && kill -0 $(cat /var/spool/postfix/pid/master.pid)
periodSeconds: 2
failureThreshold: 60
# When we authentication requests time auth saslauthd ends up in a zombie/defunct state, which we detect via grep
livenessProbe:
exec:
command:
- /bin/sh
- -c
- test -e /run/saslauthd/mux && kill -0 $(cat /var/spool/postfix/pid/master.pid) && grep -vq "(saslauthd) Z" /proc/$(cat /var/run/saslauthd/saslauthd.pid)/stat
periodSeconds: 10
envFrom:
- configMapRef:
name: kolab-config
- secretRef:
name: kolab-config-secret
env:
- name: DB_HOST
valueFrom:
secretKeyRef:
key: database-host
name: mariadb
- name: DB_USERNAME
valueFrom:
secretKeyRef:
key: kolab-database-user
name: mariadb
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
key: kolab-database-password
name: mariadb
- name: DB_DATABASE
valueFrom:
secretKeyRef:
key: kolab-database-name
name: mariadb
- name: SSL_CERTIFICATE
value: /etc/certs/tls.crt
- name: SSL_CERTIFICATE_KEY
value: /etc/certs/tls.key
- name: LMTP_DESTINATION
value: imap:11024
- name: AMAVIS_HOST
value: "127.0.0.1"
- name: MESSAGE_SIZE_LIMIT
value: "{{ .Values.postfix.messageSizeLimit }}"
- name: MYNETWORKS
{{- if .Values.postfix.mynetworks }}
value: "{{ .Values.postfix.mynetworks }}"
{{- else }}
value: "127.0.0.0/8"
{{- end }}
- name: WITH_CONTENTFILTER
value: '{{ .Values.kolab.withMailfilter }}'
- name: WITH_PROXY_PROTOCOL
value: '{{ .Values.postfix.withProxyProtocol }}'
{{- if .Values.postfix.blockOutgoingEmails }}
- name: BLOCK_OUTGOING_EMAILS
value: "true"
{{- end }}
{{- if .Values.postfix.holdIncomingEmails }}
- name: HOLD_INCOMING_EMAILS
value: "true"
{{- end }}
ports:
# SMTP
- containerPort: 10025
protocol: TCP
# Internal submission
- containerPort: 10587
protocol: TCP
# External
- containerPort: 11465
protocol: TCP
- containerPort: 11587
protocol: TCP
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/spool/postfix
name: postfix-spool
- mountPath: /var/lib/postfix
name: postfix-lib
- name: kolab-cert
readOnly: true
mountPath: /etc/certs
- name: amavis
image: {{ .Values.image.amavisImage }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- toYaml .Values.amavis.resources | nindent 10 }}
securityContext:
runAsNonRoot: false
# Amavis insists on running as root
runAsUser: 0
startupProbe:
exec:
command:
- /bin/sh
- -c
- test -e /var/run/amavisd/amavisd.pid
periodSeconds: 5
failureThreshold: 60
livenessProbe:
exec:
command:
- /bin/sh
- -c
# - test -e /var/run/amavisd/amavisd.pid && kill -0 $(cat /var/run/amavisd/amavisd.pid) && kill -0 $(cat /var/run/amavisd/clamd.pid)
- test -e /var/run/amavisd/amavisd.pid && kill -0 $(cat /var/run/amavisd/amavisd.pid)
periodSeconds: 10
envFrom:
- configMapRef:
name: kolab-config
env:
# Perl can't deal with a searchlist like we have on openshift in /etc/resolv.conf
# We can override it like this and make dns requests by sa-update work
- name: RES_SEARCHLIST
value: ""
- name: POSTFIX_HOST
value: "127.0.0.1"
- name: DKIM_IDENTIFIER
value: {{ .Values.amavis.dkim.identifier }}
- name: CLAMD
value: "{{ .Values.amavis.clamd.enabled }}"
- name: DB_HOST
valueFrom:
secretKeyRef:
key: database-host
name: mariadb
- name: DB_USERNAME
valueFrom:
secretKeyRef:
key: kolab-database-user
name: mariadb
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
key: kolab-database-password
name: mariadb
- name: DB_DATABASE
valueFrom:
secretKeyRef:
key: kolab-database-name
name: mariadb
+ - name: REDIS_HOST
+ value: "{{ .Values.redis.host }}"
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: database-password
+ name: redis
ports:
- containerPort: 13025
protocol: TCP
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/spool/amavisd
name: amavis-spool
- mountPath: /var/lib/spamassassin
name: spamassassin-lib
- mountPath: /var/lib/clamav
name: clamav-lib
- name: dkim-cert
mountPath: /var/dkim
- name: metricsexporter
image: {{ .Values.image.postfixImage }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ['sh', '-c', 'while true; do /postfix-scripts/collectmetrics.sh; sleep 20; done']
volumeMounts:
- mountPath: /var/spool/postfix
name: postfix-spool
- mountPath: /postfix-scripts
name: postfix-scripts
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
terminationGracePeriodSeconds: 30
---
apiVersion: v1
kind: ConfigMap
metadata:
name: postfix-scripts
data:
collectmetrics.sh: |
#!/bin/bash
HOST="postfix-metrics"
EPOCH=$(date +"%s")
METRICS=$(
cat <<EOF
kolab_mx_metrics_timestamp $EPOCH
# HELP kolab_mx_queue_length Queue length
# TYPE kolab_mx_queue_length gauge
EOF
)
queues="active bounce corrupt deferred flush hold incoming maildrop"
spool_dir=/var/spool/postfix
for queue in ${queues}; do
test -d ${spool_dir}/${queue} || continue
COUNT=$(find "${spool_dir}/${queue}" -type f -print | wc -l)
# TODO once we have more than one instance, we should seaprate accordingly
METRICS+=$(
cat <<EOF
kolab_mx_queue_length{host="$HOST", queue="$queue", instance="postfix"} $COUNT
EOF
)
done
echo "$METRICS"
echo "$METRICS" | curl -k --data-binary @- http://pushgateway:9091/metrics/job/postfixmetrics/host/$HOST
{{- end }}
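Review bot: The added `REDIS_PASSWORD` entry in the amavis container's `env` references Secret `redis` (key `database-password`) unconditionally. If that Secret or key is missing, the amavis container cannot be created, and because amavis shares the pod with postfix the mail pod never becomes ready. Whether the chart always creates that Secret is not visible in this diff. If Redis is optional for amavis, add `optional: true` under the `secretKeyRef`, or wrap both new entries in `{{- if .Values.redis.host }}` … `{{- end }}`. `REDIS_HOST` also renders as an empty string when `.Values.redis.host` is unset, and a short comment above the two entries saying which amavis feature uses Redis would explain why a root-run container receives this credential.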
