From 16375fe5d1b2d98d4c6e267d1481feca7b34a6d1 Mon Sep 17 00:00:00 2001 From: Michael Sprauer Date: Sat, 25 May 2024 18:37:12 +0200 Subject: [PATCH 01/12] Run unittests on push --- .github/workflows/on-push-lint-charts.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/.github/workflows/on-push-lint-charts.yml b/.github/workflows/on-push-lint-charts.yml index 52a28087..71dd7225 100644 --- a/.github/workflows/on-push-lint-charts.yml +++ b/.github/workflows/on-push-lint-charts.yml @@ -15,7 +15,7 @@ env: KUBE_SCORE_VERSION: 1.17.0 HELM_VERSION: v3.13.2 -concurrency: +concurrency: group: ${{ github.ref }} cancel-in-progress: true @@ -44,12 +44,27 @@ jobs: KUBE_SCORE: /tmp/bin/kube-score run: .ci/scripts/kube-score.sh + unittest: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: install helm unittest + run: | + helm plugin install https://github.com/helm-unittest/helm-unittest.git + + - name: Run helm unittest + run: helm unittest charts/* + chart-testing: runs-on: ubuntu-latest strategy: matrix: # Choose from https://hub.docker.com/r/kindest/node/tags - KubeVersion: [1.27.3, 1.28.0, 1.29.0] + KubeVersion: [ 1.27.3, 1.28.0, 1.29.0 ] steps: - name: Checkout From 5fd90a7ba6add0dc2acdc217185711af75b78e05 Mon Sep 17 00:00:00 2001 
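Review bot: The `install helm unittest` step in the new `unittest` job installs the plugin from the upstream repository with no version, so every push runs whatever helm-unittest code is current upstream, including its install hook, inside CI. Pin it, e.g. `helm plugin install https://github.com/helm-unittest/helm-unittest.git --version <pinned-tag>`, and bump the pin deliberately. The job also has no step that installs Helm, so it appears to use the runner image's Helm rather than the `HELM_VERSION` declared under `env`; if the other jobs have a Helm setup step (not visible in this hunk), reuse it here. `fetch-depth: 0` is not needed just to render templates for unit tests.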
From: Michael Sprauer Date: Sat, 25 May 2024 18:56:21 +0200 Subject: [PATCH 02/12] fix unittests --- .../templates/deployment.yaml | 18 +- .../__snapshot__/configmap_test.yaml.snap | 37 ++ .../__snapshot__/deployment_test.yaml.snap | 353 +++++++++++++++++ .../tests/__snapshot__/haproxy_test.yaml.snap | 37 ++ .../tests/__snapshot__/pvc_test.yaml.snap | 92 +++++ .../tests/__snapshot__/secret_test.yaml.snap | 373 ++++++++++++++++++ .../tests/configmap_test.yaml | 26 +- .../tests/deployment_test.yaml | 4 +- .../docker-mailserver/tests/haproxy_test.yaml | 18 - charts/docker-mailserver/tests/oobe_test.yaml | 58 --- charts/docker-mailserver/tests/pvc_test.yaml | 22 +- .../docker-mailserver/tests/secret_test.yaml | 26 +- charts/docker-mailserver/tests/spf_test.yaml | 15 - charts/docker-mailserver/values.yaml | 10 +- 14 files changed, 946 insertions(+), 143 deletions(-) create mode 100644 charts/docker-mailserver/tests/__snapshot__/configmap_test.yaml.snap create mode 100644 charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap create mode 100644 charts/docker-mailserver/tests/__snapshot__/haproxy_test.yaml.snap create mode 100644 charts/docker-mailserver/tests/__snapshot__/pvc_test.yaml.snap create mode 100644 charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap delete mode 100644 charts/docker-mailserver/tests/haproxy_test.yaml delete mode 100644 charts/docker-mailserver/tests/oobe_test.yaml delete mode 100644 charts/docker-mailserver/tests/spf_test.yaml diff --git a/charts/docker-mailserver/templates/deployment.yaml b/charts/docker-mailserver/templates/deployment.yaml index b20d6f36..31603986 100644 --- a/charts/docker-mailserver/templates/deployment.yaml +++ b/charts/docker-mailserver/templates/deployment.yaml 
@@ -54,10 +54,10 @@ spec: {{- end }} # Secrets - {{- range $name, $secret := .Values.secrets }} - - name: {{ regexReplaceAll "[.]" $name "-" }} + {{- range .Values.secrets }} + - name: {{ regexReplaceAll "[.]" .name "-" }} secret: - secretName: {{ regexReplaceAll "[.]" $name "-" }} + secretName: {{ regexReplaceAll "[.]" .name "-" }} {{- end }} # Certificate @@ -129,13 +129,13 @@ spec: {{- end }} # Config via Secrets - {{- range $name, $secret := .Values.secrets }} - - name: {{ regexReplaceAll "[.]" $name "-" }} - subPath: {{ $secret.key | default $name }} - {{- if isAbs $secret.path }} - mountPath: {{ $secret.path }} + {{- range .Values.secrets }} + - name: {{ regexReplaceAll "[.]" .name "-" }} + subPath: {{ .key | default .name }} + {{- if isAbs .path }} + mountPath: {{ $.path }} {{- else }} - mountPath: /tmp/docker-mailserver/{{ $secret.path }} + mountPath: /tmp/docker-mailserver/{{ .path }} {{- end }} {{- end }} diff --git a/charts/docker-mailserver/tests/__snapshot__/configmap_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/configmap_test.yaml.snap new file mode 100644 index 00000000..0b3097d1 --- /dev/null +++ b/charts/docker-mailserver/tests/__snapshot__/configmap_test.yaml.snap 
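Review bot: In the `Config via Secrets` mount block (hunk `-129,13`), the absolute-path branch renders `mountPath: {{ $.path }}`, but inside `range` the `$` variable is the root context, so this looks up a top-level `path` instead of the current secret's and would most likely render an empty mount path. It should read `mountPath: {{ .path }}`, matching the relative branch below it. Because `.Values.secrets` is now iterated as a list in both hunks of this file, an entry without `name` reaches `regexReplaceAll` with no value; wrapping it as `{{ required "secrets[].name is required" .name }}` would fail with a clear message instead. The surrounding pod spec starts and ends outside these hunks.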
@@ -0,0 +1,37 @@ +manifest should match snapshot: + 1: | + apiVersion: v1 + data: + dovecot.cf: "\nhaproxy_trusted_networks = 10.0.0.0/8 192.168.0.0/16 172.16.0.0/16\nservice imap-login {\n inet_listener imap {\n port = 143\n }\n \n inet_listener imaps {\n port = 993\n ssl = yes\n }\n \n inet_listener imap_proxy {\n haproxy = yes\n port = 10143\n ssl = no\n }\n\n inet_listener imaps_proxy {\n haproxy = yes\n port = 10993\n ssl = yes\n }\n}\n" + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + chart: docker-mailserver-0.1.0 + heritage: Helm + release: RELEASE-NAME + name: dovecot-cf + 2: | + apiVersion: v1 + data: + fts-xapian-plugin.conf: "" + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + chart: docker-mailserver-0.1.0 + heritage: Helm + release: RELEASE-NAME + name: fts-xapian-plugin-conf + 3: | + apiVersion: v1 + data: + user-patches.sh: "#!/bin/bash\n# Make sure to keep this file in sync with https://github.com/docker-mailserver/docker-mailserver/blob/master/target/postfix/master.cf!\ncat <> /etc/postfix/master.cf\n\n# Submission with proxy\n10587 inet n - n - - smtpd\n -o syslog_name=postfix/submission\n -o smtpd_tls_security_level=encrypt\n -o smtpd_sasl_auth_enable=yes\n -o smtpd_sasl_type=dovecot\n -o smtpd_reject_unlisted_recipient=no\n -o smtpd_sasl_authenticated_header=yes\n -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\n -o smtpd_sender_restrictions=\\$mua_sender_restrictions\n -o smtpd_discard_ehlo_keywords=\n -o milter_macro_daemon_name=ORIGINATING\n -o cleanup_service_name=sender-cleanup\n -o smtpd_upstream_proxy_protocol=haproxy \n\n# Submissions with proxy\n10465 inet n - n - - smtpd\n -o syslog_name=postfix/submissions\n -o smtpd_tls_wrappermode=yes\n -o smtpd_sasl_auth_enable=yes\n -o smtpd_sasl_type=dovecot\n -o smtpd_reject_unlisted_recipient=no\n -o 
smtpd_sasl_authenticated_header=yes\n -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\n -o smtpd_sender_restrictions=\\$mua_sender_restrictions\n -o smtpd_discard_ehlo_keywords=\n -o milter_macro_daemon_name=ORIGINATING\n -o cleanup_service_name=sender-cleanup\n -o smtpd_upstream_proxy_protocol=haproxy\nEOS\n" + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + chart: docker-mailserver-0.1.0 + heritage: Helm + release: RELEASE-NAME + name: user-patches-sh diff --git a/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap new file mode 100644 index 00000000..fb15a4d6 --- /dev/null +++ b/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap 
@@ -0,0 +1,353 @@ +manifest should match snapshot: + 1: | + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + chart: docker-mailserver-0.1.0 + heritage: Helm + release: RELEASE-NAME + name: RELEASE-NAME-docker-mailserver + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + release: RELEASE-NAME + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + release: RELEASE-NAME + spec: + containers: + - env: + - name: ACCOUNT_PROVISIONER + value: null + - name: AMAVIS_LOGLEVEL + value: "0" + - name: CLAMAV_MESSAGE_SIZE_LIMIT + value: null + - name: DEFAULT_RELAY_HOST + value: null + - name: DMS_VMAIL_GID + value: null + - name: DMS_VMAIL_UID + value: null + - name: DOVECOT_AUTH_BIND + value: null + - name: DOVECOT_INET_PROTOCOLS + value: all + - name: DOVECOT_MAILBOX_FORMAT + value: maildir + - name: DOVECOT_PASS_FILTER + value: null + - name: DOVECOT_TLS + value: null + - name: DOVECOT_USER_FILTER + value: null + - name: ENABLE_AMAVIS + value: "0" + - name: ENABLE_CLAMAV + value: "0" + - name: ENABLE_DNSBL + value: "0" + - name: ENABLE_FAIL2BAN + value: "0" + - name: ENABLE_FETCHMAIL + value: "0" + - name: ENABLE_GETMAIL + value: "0" + - name: ENABLE_IMAP + value: "1" + - name: ENABLE_MANAGESIEVE + value: null + - name: ENABLE_OPENDKIM + value: "0" + - name: ENABLE_OPENDMARC + value: "0" + - name: ENABLE_POLICYD_SPF + value: "0" + - name: ENABLE_POP3 + value: null + - name: ENABLE_POSTGREY + value: "0" + - name: ENABLE_QUOTAS + value: "1" + - name: ENABLE_RSPAMD + value: "1" + - name: ENABLE_RSPAMD_REDIS + value: "1" + - name: ENABLE_SASLAUTHD + value: "0" + - name: ENABLE_SPAMASSASSIN + value: "0" + - name: ENABLE_SPAMASSASSIN_KAM + value: "0" + - name: ENABLE_SRS + value: "0" + - name: ENABLE_UPDATE_CHECK + value: "1" + - name: FAIL2BAN_BLOCKTYPE + value: drop + - name: 
FETCHMAIL_PARALLEL + value: "0" + - name: FETCHMAIL_POLL + value: "300" + - name: GETMAIL_POLL + value: "5" + - name: LDAP_BIND_DN + value: null + - name: LDAP_BIND_PW + value: null + - name: LDAP_QUERY_FILTER_ALIAS + value: null + - name: LDAP_QUERY_FILTER_DOMAIN + value: null + - name: LDAP_QUERY_FILTER_GROUP + value: null + - name: LDAP_QUERY_FILTER_USER + value: null + - name: LDAP_SEARCH_BASE + value: null + - name: LDAP_SERVER_HOST + value: null + - name: LDAP_START_TLS + value: null + - name: LOGROTATE_INTERVAL + value: weekly + - name: LOGWATCH_INTERVAL + value: null + - name: LOGWATCH_RECIPIENT + value: null + - name: LOGWATCH_SENDER + value: null + - name: LOG_LEVEL + value: info + - name: MARK_SPAM_AS_READ + value: "0" + - name: MOVE_SPAM_TO_JUNK + value: "1" + - name: NETWORK_INTERFACE + value: null + - name: ONE_DIR + value: "1" + - name: OVERRIDE_HOSTNAME + value: mail.example.com + - name: PERMIT_DOCKER + value: none + - name: PFLOGSUMM_RECIPIENT + value: null + - name: PFLOGSUMM_SENDER + value: null + - name: PFLOGSUMM_TRIGGER + value: null + - name: POSTFIX_DAGENT + value: null + - name: POSTFIX_INET_PROTOCOLS + value: all + - name: POSTFIX_MAILBOX_SIZE_LIMIT + value: null + - name: POSTFIX_MESSAGE_SIZE_LIMIT + value: null + - name: POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME + value: "0" + - name: POSTGREY_AUTO_WHITELIST_CLIENTS + value: "5" + - name: POSTGREY_DELAY + value: "300" + - name: POSTGREY_MAX_AGE + value: "35" + - name: POSTGREY_TEXT + value: Delayed by Postgrey + - name: POSTMASTER_ADDRESS + value: null + - name: POSTSCREEN_ACTION + value: enforce + - name: RELAY_HOST + value: null + - name: RELAY_PASSWORD + value: null + - name: RELAY_PORT + value: "25" + - name: RELAY_USER + value: null + - name: REPORT_RECIPIENT + value: null + - name: REPORT_SENDER + value: null + - name: RSPAMD_CHECK_AUTHENTICATED + value: "0" + - name: RSPAMD_GREYLISTING + value: "0" + - name: RSPAMD_HFILTER + value: "1" + - name: RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE 
+ value: "6" + - name: RSPAMD_LEARN + value: "0" + - name: SASLAUTHD_LDAP_AUTH_METHOD + value: null + - name: SASLAUTHD_LDAP_BIND_DN + value: null + - name: SASLAUTHD_LDAP_FILTER + value: null + - name: SASLAUTHD_LDAP_MECH + value: null + - name: SASLAUTHD_LDAP_PASSWORD + value: null + - name: SASLAUTHD_LDAP_PASSWORD_ATTR + value: null + - name: SASLAUTHD_LDAP_SEARCH_BASE + value: null + - name: SASLAUTHD_LDAP_SERVER + value: null + - name: SASLAUTHD_LDAP_START_TLS + value: null + - name: SASLAUTHD_LDAP_TLS_CACERT_DIR + value: null + - name: SASLAUTHD_LDAP_TLS_CACERT_FILE + value: null + - name: SASLAUTHD_LDAP_TLS_CHECK_PEER + value: null + - name: SASLAUTHD_MECHANISMS + value: null + - name: SASLAUTHD_MECH_OPTIONS + value: null + - name: SA_KILL + value: "10" + - name: SA_SPAM_SUBJECT + value: '***SPAM*** ' + - name: SA_TAG + value: "2" + - name: SA_TAG2 + value: "6.31" + - name: SMTP_ONLY + value: null + - name: SPAMASSASSIN_SPAM_TO_INBOX + value: "1" + - name: SPOOF_PROTECTION + value: null + - name: SRS_EXCLUDE_DOMAINS + value: null + - name: SRS_SECRET + value: null + - name: SRS_SENDER_CLASSES + value: envelope_sender + - name: SSL_ALT_CERT_PATH + value: null + - name: SSL_ALT_KEY_PATH + value: null + - name: SUPERVISOR_LOGLEVEL + value: null + - name: TLS_LEVEL + value: null + - name: TZ + value: null + - name: UPDATE_CHECK_INTERVAL + value: 1d + - name: VIRUSMAILS_DELETE_DELAY + value: null + image: mailserver/docker-mailserver:13.3.1 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/bash + - -c + - supervisorctl status | grep -E "amavis|clamav|cron|dovecot|mailserver|opendkim|opendmarc|postfix|rsyslog" | grep RUNNING + failureThreshold: 3 + initialDelaySeconds: 10 + timeoutSeconds: 5 + name: docker-mailserver + ports: + - containerPort: 25 + name: smtp + - containerPort: 465 + name: submissions + - containerPort: 587 + name: submission + - containerPort: 10465 + name: subs-proxy + - containerPort: 10587 + name: sub-proxy + - 
containerPort: 143 + name: imap + - containerPort: 993 + name: imaps + - containerPort: 10143 + name: imap-proxy + - containerPort: 10993 + name: imaps-proxy + - containerPort: 11334 + name: rspamd + readinessProbe: + exec: + command: + - /bin/bash + - -c + - supervisorctl status | grep -E "mailserver|postfix" | grep RUNNING + failureThreshold: 3 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + ephemeral-storage: 500Mi + memory: 2048Mi + requests: + cpu: "1" + ephemeral-storage: 100Mi + memory: 1536Mi + securityContext: + privileged: false + readOnlyRootFilesystem: false + volumeMounts: + - mountPath: /tmp/docker-mailserver/dovecot.cf + name: dovecot-cf + subPath: dovecot.cf + - mountPath: /etc/dovecot/conf.d/10-plugin.conf + name: fts-xapian-plugin-conf + subPath: fts-xapian-plugin.conf + - mountPath: /tmp/docker-mailserver/user-patches.sh + name: user-patches-sh + subPath: user-patches.sh + - mountPath: /tmp/docker-mailserver + name: mail-config + - mountPath: /var/mail + name: mail-data + - mountPath: /var/log/mail + name: mail-log + - mountPath: /var/mail-state + name: mail-state + nodeSelector: {} + priorityClassName: null + restartPolicy: Always + runtimeClassName: null + securityContext: null + serviceAccountName: RELEASE-NAME-docker-mailserver + volumes: + - configMap: + name: dovecot-cf + name: dovecot-cf + - configMap: + name: fts-xapian-plugin-conf + name: fts-xapian-plugin-conf + - configMap: + name: user-patches-sh + name: user-patches-sh + - name: mail-config + persistentVolumeClaim: + claimName: RELEASE-NAME-docker-mailserver-mail-config + - name: mail-data + persistentVolumeClaim: + claimName: RELEASE-NAME-docker-mailserver-mail-data + - name: mail-log + persistentVolumeClaim: + claimName: RELEASE-NAME-docker-mailserver-mail-log + - name: mail-state + persistentVolumeClaim: + claimName: RELEASE-NAME-docker-mailserver-mail-state 
diff --git a/charts/docker-mailserver/tests/__snapshot__/haproxy_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/haproxy_test.yaml.snap new file mode 100644 index 00000000..6c4cc6ea --- /dev/null +++ b/charts/docker-mailserver/tests/__snapshot__/haproxy_test.yaml.snap 
@@ -0,0 +1,37 @@ +manifest should match snapshot: + 1: | + apiVersion: v1 + data: + dovecot.cf: "\nhaproxy_trusted_networks = 10.0.0.0/8 192.168.0.0/16 172.16.0.0/16\nservice imap-login {\n inet_listener imap {\n port = 143\n }\n \n inet_listener imaps {\n port = 993\n ssl = yes\n }\n \n inet_listener imap_proxy {\n haproxy = yes\n port = 10143\n ssl = no\n }\n\n inet_listener imaps_proxy {\n haproxy = yes\n port = 10993\n ssl = yes\n }\n}\n" + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + chart: docker-mailserver-3.0.4 + heritage: Helm + release: RELEASE-NAME + name: dovecot-cf + 2: | + apiVersion: v1 + data: + fts-xapian-plugin.conf: "" + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + chart: docker-mailserver-3.0.4 + heritage: Helm + release: RELEASE-NAME + name: fts-xapian-plugin-conf + 3: | + apiVersion: v1 + data: + user-patches.sh: "#!/bin/bash\n# Make sure to keep this file in sync with https://github.com/docker-mailserver/docker-mailserver/blob/master/target/postfix/master.cf!\ncat <> /etc/postfix/master.cf\n\n# Submission with proxy\n10587 inet n - n - - smtpd\n -o syslog_name=postfix/submission\n -o smtpd_tls_security_level=encrypt\n -o smtpd_sasl_auth_enable=yes\n -o smtpd_sasl_type=dovecot\n -o smtpd_reject_unlisted_recipient=no\n -o smtpd_sasl_authenticated_header=yes\n -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\n -o smtpd_sender_restrictions=\\$mua_sender_restrictions\n -o smtpd_discard_ehlo_keywords=\n -o milter_macro_daemon_name=ORIGINATING\n -o cleanup_service_name=sender-cleanup\n -o smtpd_upstream_proxy_protocol=haproxy \n\n# Submissions with proxy\n10465 inet n - n - - smtpd\n -o syslog_name=postfix/submissions\n -o smtpd_tls_wrappermode=yes\n -o smtpd_sasl_auth_enable=yes\n -o smtpd_sasl_type=dovecot\n -o smtpd_reject_unlisted_recipient=no\n -o 
smtpd_sasl_authenticated_header=yes\n -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\n -o smtpd_sender_restrictions=\\$mua_sender_restrictions\n -o smtpd_discard_ehlo_keywords=\n -o milter_macro_daemon_name=ORIGINATING\n -o cleanup_service_name=sender-cleanup\n -o smtpd_upstream_proxy_protocol=haproxy\nEOS\n" + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + chart: docker-mailserver-3.0.4 + heritage: Helm + release: RELEASE-NAME + name: user-patches-sh diff --git a/charts/docker-mailserver/tests/__snapshot__/pvc_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/pvc_test.yaml.snap new file mode 100644 index 00000000..7b5f41e6 --- /dev/null +++ b/charts/docker-mailserver/tests/__snapshot__/pvc_test.yaml.snap 
@@ -0,0 +1,92 @@ +manifest should match snapshot: + 1: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: RELEASE-NAME-docker-mailserver-mail-config + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Mi + 2: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: RELEASE-NAME-docker-mailserver-mail-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + 3: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: RELEASE-NAME-docker-mailserver-mail-log + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + 4: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: RELEASE-NAME-docker-mailserver-mail-state + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +should apply annotations from persistence.annotations: + 1: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + backup.banana.io/deltas: pancakes + name: RELEASE-NAME-docker-mailserver-mail-config + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Mi + 2: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: RELEASE-NAME-docker-mailserver-mail-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + 3: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: RELEASE-NAME-docker-mailserver-mail-log + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + 4: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: RELEASE-NAME-docker-mailserver-mail-state + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap new file mode 100644 index 00000000..23618e9b --- /dev/null 
+++ b/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap 
@@ -0,0 +1,373 @@ +manifest should match snapshot: + 1: | + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + chart: docker-mailserver-1.0.0 + heritage: Helm + release: RELEASE-NAME + name: RELEASE-NAME-docker-mailserver + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + release: RELEASE-NAME + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + release: RELEASE-NAME + spec: + containers: + - env: + - name: ACCOUNT_PROVISIONER + value: null + - name: AMAVIS_LOGLEVEL + value: "0" + - name: CLAMAV_MESSAGE_SIZE_LIMIT + value: null + - name: DEFAULT_RELAY_HOST + value: null + - name: DMS_VMAIL_GID + value: null + - name: DMS_VMAIL_UID + value: null + - name: DOVECOT_AUTH_BIND + value: null + - name: DOVECOT_INET_PROTOCOLS + value: all + - name: DOVECOT_MAILBOX_FORMAT + value: maildir + - name: DOVECOT_PASS_FILTER + value: null + - name: DOVECOT_TLS + value: null + - name: DOVECOT_USER_FILTER + value: null + - name: ENABLE_AMAVIS + value: "0" + - name: ENABLE_CLAMAV + value: "0" + - name: ENABLE_DNSBL + value: "0" + - name: ENABLE_FAIL2BAN + value: "0" + - name: ENABLE_FETCHMAIL + value: "0" + - name: ENABLE_GETMAIL + value: "0" + - name: ENABLE_IMAP + value: "1" + - name: ENABLE_MANAGESIEVE + value: null + - name: ENABLE_OPENDKIM + value: "0" + - name: ENABLE_OPENDMARC + value: "0" + - name: ENABLE_POLICYD_SPF + value: "0" + - name: ENABLE_POP3 + value: null + - name: ENABLE_POSTGREY + value: "0" + - name: ENABLE_QUOTAS + value: "1" + - name: ENABLE_RSPAMD + value: "1" + - name: ENABLE_RSPAMD_REDIS + value: "1" + - name: ENABLE_SASLAUTHD + value: "0" + - name: ENABLE_SPAMASSASSIN + value: "0" + - name: ENABLE_SPAMASSASSIN_KAM + value: "0" + - name: ENABLE_SRS + value: "0" + - name: ENABLE_UPDATE_CHECK + value: "1" + - name: FAIL2BAN_BLOCKTYPE + value: drop + - name: 
FETCHMAIL_PARALLEL + value: "0" + - name: FETCHMAIL_POLL + value: "300" + - name: GETMAIL_POLL + value: "5" + - name: LDAP_BIND_DN + value: null + - name: LDAP_BIND_PW + value: null + - name: LDAP_QUERY_FILTER_ALIAS + value: null + - name: LDAP_QUERY_FILTER_DOMAIN + value: null + - name: LDAP_QUERY_FILTER_GROUP + value: null + - name: LDAP_QUERY_FILTER_USER + value: null + - name: LDAP_SEARCH_BASE + value: null + - name: LDAP_SERVER_HOST + value: null + - name: LDAP_START_TLS + value: null + - name: LOGROTATE_INTERVAL + value: weekly + - name: LOGWATCH_INTERVAL + value: null + - name: LOGWATCH_RECIPIENT + value: null + - name: LOGWATCH_SENDER + value: null + - name: LOG_LEVEL + value: info + - name: MARK_SPAM_AS_READ + value: "0" + - name: MOVE_SPAM_TO_JUNK + value: "1" + - name: NETWORK_INTERFACE + value: null + - name: ONE_DIR + value: "1" + - name: OVERRIDE_HOSTNAME + value: mail.example.com + - name: PERMIT_DOCKER + value: none + - name: PFLOGSUMM_RECIPIENT + value: null + - name: PFLOGSUMM_SENDER + value: null + - name: PFLOGSUMM_TRIGGER + value: null + - name: POSTFIX_DAGENT + value: null + - name: POSTFIX_INET_PROTOCOLS + value: all + - name: POSTFIX_MAILBOX_SIZE_LIMIT + value: null + - name: POSTFIX_MESSAGE_SIZE_LIMIT + value: null + - name: POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME + value: "0" + - name: POSTGREY_AUTO_WHITELIST_CLIENTS + value: "5" + - name: POSTGREY_DELAY + value: "300" + - name: POSTGREY_MAX_AGE + value: "35" + - name: POSTGREY_TEXT + value: Delayed by Postgrey + - name: POSTMASTER_ADDRESS + value: null + - name: POSTSCREEN_ACTION + value: enforce + - name: RELAY_HOST + value: null + - name: RELAY_PASSWORD + value: null + - name: RELAY_PORT + value: "25" + - name: RELAY_USER + value: null + - name: REPORT_RECIPIENT + value: null + - name: REPORT_SENDER + value: null + - name: RSPAMD_CHECK_AUTHENTICATED + value: "0" + - name: RSPAMD_GREYLISTING + value: "0" + - name: RSPAMD_HFILTER + value: "1" + - name: RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE 
+ value: "6" + - name: RSPAMD_LEARN + value: "0" + - name: SASLAUTHD_LDAP_AUTH_METHOD + value: null + - name: SASLAUTHD_LDAP_BIND_DN + value: null + - name: SASLAUTHD_LDAP_FILTER + value: null + - name: SASLAUTHD_LDAP_MECH + value: null + - name: SASLAUTHD_LDAP_PASSWORD + value: null + - name: SASLAUTHD_LDAP_PASSWORD_ATTR + value: null + - name: SASLAUTHD_LDAP_SEARCH_BASE + value: null + - name: SASLAUTHD_LDAP_SERVER + value: null + - name: SASLAUTHD_LDAP_START_TLS + value: null + - name: SASLAUTHD_LDAP_TLS_CACERT_DIR + value: null + - name: SASLAUTHD_LDAP_TLS_CACERT_FILE + value: null + - name: SASLAUTHD_LDAP_TLS_CHECK_PEER + value: null + - name: SASLAUTHD_MECHANISMS + value: null + - name: SASLAUTHD_MECH_OPTIONS + value: null + - name: SA_KILL + value: "10" + - name: SA_SPAM_SUBJECT + value: '***SPAM*** ' + - name: SA_TAG + value: "2" + - name: SA_TAG2 + value: "6.31" + - name: SMTP_ONLY + value: null + - name: SPAMASSASSIN_SPAM_TO_INBOX + value: "1" + - name: SPOOF_PROTECTION + value: null + - name: SRS_EXCLUDE_DOMAINS + value: null + - name: SRS_SECRET + value: null + - name: SRS_SENDER_CLASSES + value: envelope_sender + - name: SSL_ALT_CERT_PATH + value: null + - name: SSL_ALT_KEY_PATH + value: null + - name: SUPERVISOR_LOGLEVEL + value: null + - name: TLS_LEVEL + value: null + - name: TZ + value: null + - name: UPDATE_CHECK_INTERVAL + value: 1d + - name: VIRUSMAILS_DELETE_DELAY + value: null + image: mailserver/docker-mailserver:13.3.1 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/bash + - -c + - supervisorctl status | grep -E "amavis|clamav|cron|dovecot|mailserver|opendkim|opendmarc|postfix|rsyslog" | grep RUNNING + failureThreshold: 3 + initialDelaySeconds: 10 + timeoutSeconds: 5 + name: docker-mailserver + ports: + - containerPort: 25 + name: smtp + - containerPort: 465 + name: submissions + - containerPort: 587 + name: submission + - containerPort: 10465 + name: subs-proxy + - containerPort: 10587 + name: sub-proxy + - 
containerPort: 143 + name: imap + - containerPort: 993 + name: imaps + - containerPort: 10143 + name: imap-proxy + - containerPort: 10993 + name: imaps-proxy + - containerPort: 11334 + name: rspamd + readinessProbe: + exec: + command: + - /bin/bash + - -c + - supervisorctl status | grep -E "mailserver|postfix" | grep RUNNING + failureThreshold: 3 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + ephemeral-storage: 500Mi + memory: 2048Mi + requests: + cpu: "1" + ephemeral-storage: 100Mi + memory: 1536Mi + securityContext: + privileged: false + readOnlyRootFilesystem: false + volumeMounts: + - mountPath: /tmp/docker-mailserver/dovecot.cf + name: dovecot-cf + subPath: dovecot.cf + - mountPath: /etc/dovecot/conf.d/10-plugin.conf + name: fts-xapian-plugin-conf + subPath: fts-xapian-plugin.conf + - mountPath: /tmp/docker-mailserver/user-patches.sh + name: user-patches-sh + subPath: user-patches.sh + - mountPath: /tmp/docker-mailserver/secret.yaml + name: mailserver-secret-yaml + subPath: mailserver-secret.yaml + - mountPath: /tmp/docker-mailserver + name: mail-config + - mountPath: /var/mail + name: mail-data + - mountPath: /var/log/mail + name: mail-log + - mountPath: /var/mail-state + name: mail-state + nodeSelector: {} + priorityClassName: null + restartPolicy: Always + runtimeClassName: null + securityContext: null + serviceAccountName: RELEASE-NAME-docker-mailserver + volumes: + - configMap: + name: dovecot-cf + name: dovecot-cf + - configMap: + name: fts-xapian-plugin-conf + name: fts-xapian-plugin-conf + - configMap: + name: user-patches-sh + name: user-patches-sh + - name: mailserver-secret-yaml + secret: + secretName: mailserver-secret-yaml + - name: mail-config + persistentVolumeClaim: + claimName: RELEASE-NAME-docker-mailserver-mail-config + - name: mail-data + persistentVolumeClaim: + claimName: RELEASE-NAME-docker-mailserver-mail-data + - name: mail-log + persistentVolumeClaim: + claimName: 
RELEASE-NAME-docker-mailserver-mail-log + - name: mail-state + persistentVolumeClaim: + claimName: RELEASE-NAME-docker-mailserver-mail-state + 2: | + apiVersion: v1 + data: + mailserver-secret.yaml: | + mailserver-username: test + mailserver-password: test + kind: Secret + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + chart: docker-mailserver-1.0.0 + heritage: Helm + release: RELEASE-NAME + name: mailserver-secret-yaml diff --git a/charts/docker-mailserver/tests/configmap_test.yaml b/charts/docker-mailserver/tests/configmap_test.yaml index 8c2f6484..f3c71ae9 100644 --- a/charts/docker-mailserver/tests/configmap_test.yaml +++ b/charts/docker-mailserver/tests/configmap_test.yaml @@ -1,25 +1,23 @@ suite: configmap templates: - configmap.yaml +chart: + version: 0.1.0 tests: - - - it: should correctly import configmaps from config/ if demo mode is disabled - set: - demoMode.enabled: false - asserts: - - matchRegex: - path: data.fail2ban-fail2ban\.cf - pattern: "dbpurgeage" - - - it: should configure imaps port 10993 if proxyProtocol enabled set: - proxyProtocol.enabled: true + proxyProtocol.enabled: true + documentIndex: 0 asserts: + - isKind: + of: ConfigMap - matchRegex: - path: data.dovecot\.cf - pattern: 10993 + path: data["dovecot.cf"] + pattern: "10993" - it: manifest should match snapshot + set: + proxyProtocol: + enabled: true asserts: - - matchSnapshot: {} \ No newline at end of file + - matchSnapshot: { } \ No newline at end of file diff --git a/charts/docker-mailserver/tests/deployment_test.yaml b/charts/docker-mailserver/tests/deployment_test.yaml index 5a9718e7..fc044275 100644 --- a/charts/docker-mailserver/tests/deployment_test.yaml +++ b/charts/docker-mailserver/tests/deployment_test.yaml @@ -1,6 +1,8 @@ suite: deployment tests templates: - deployment.yaml +chart: + version: 0.1.0 tests: - it: image and tag should end up in deployment set: 
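Review bot: After this change to `configmap_test.yaml` no case renders the chart with `proxyProtocol.enabled: false`: the snapshot case now sets it to true as well, and the only negative test lived in `haproxy_test.yaml`, which this commit deletes. The rendered `dovecot.cf` trusts `10.0.0.0/8 192.168.0.0/16 172.16.0.0/16` for PROXY headers, so a regression that emits the `haproxy = yes` listeners when the option is off is worth guarding against. Add a case that sets `proxyProtocol.enabled: false` and asserts `notMatchRegex` with `pattern: haproxy` on `data["dovecot.cf"]` (or that the document is absent, depending on what the template renders, which is not visible here). The commit also adds `__snapshot__/haproxy_test.yaml.snap` while removing its suite, which leaves an orphaned snapshot that should be dropped.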
@@ -18,4 +20,4 @@ tests: - it: manifest should match snapshot asserts: - - matchSnapshot: {} \ No newline at end of file + - matchSnapshot: { } \ No newline at end of file diff --git a/charts/docker-mailserver/tests/haproxy_test.yaml b/charts/docker-mailserver/tests/haproxy_test.yaml deleted file mode 100644 index 513dc66e..00000000 --- a/charts/docker-mailserver/tests/haproxy_test.yaml +++ /dev/null @@ -1,18 +0,0 @@ -suite: haproxy -templates: - - configmap.yaml -tests: - - - it: should not add proxyProtocol options to postfix/dovecot if proxyProtocol support is not enabled - set: - proxyProtocol.enabled: false - asserts: - - notMatchRegex: - path: data.postfix-main\.cf - pattern: haproxy - - isNull: - path: data.dovecot\.cf - - - it: manifest should match snapshot - asserts: - - matchSnapshot: {} \ No newline at end of file diff --git a/charts/docker-mailserver/tests/oobe_test.yaml b/charts/docker-mailserver/tests/oobe_test.yaml deleted file mode 100644 index 48d8d130..00000000 --- a/charts/docker-mailserver/tests/oobe_test.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -suite: oobe -templates: - - configmap.yaml - - secret.yaml - - deployment.yaml -tests: - - # Demo mode is on OOB, so test it functions as expected - - it: should correctly configure configmaps if demo mode is enabled - asserts: - - matchRegex: - path: data.postfix-accounts\.cf - pattern: user@example.com|{SHA512-CRYPT}$6$l4023rZnQEy/l0Rg$JeNjAAICB43VAX7GTJ9jeE7DR0LeyR5nU.ftq3c42T5E1IZSuRBqwM8erRh6t0CyIT6aYpBIAopzcQHNUvMV00 - - matchRegex: - path: data.SigningTable - pattern: \*\@example.com mail._domainkey.example.com - - matchRegex: - path: data.KeyTable - pattern: mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private - - matchRegex: - path: data.TrustedHosts - pattern: 127.0.0.1 - - - it: should correctly configure secrets if demo mode is enabled - asserts: - - matchRegex: - path: data.example\.com-mail\.private - pattern: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS - template: secret.yaml - - # SPF tests shoudl be performed under normal circumstances - - it: should perform SPF tests under normal conditions - asserts: - - notMatchRegex: - path: data.postfix-main\.cf - pattern: smtpd_recipient_restrictions - - # proxyProtocol is enabled by default - - it: should correctly configure postfix/dovecot if proxyProtocol support is enabled - set: - asserts: - - matchRegex: - path: data.postfix-main\.cf - pattern: haproxy - - matchRegex: - path: data.dovecot\.cf - pattern: haproxy - - - it: should configure imaps port 10993 if proxyProtocol is enabled - set: - asserts: - - matchRegex: - path: data.dovecot\.cf - pattern: 10993 - - - it: manifest should match snapshot - asserts: - - matchSnapshot: {} \ No newline at end of file diff --git a/charts/docker-mailserver/tests/pvc_test.yaml b/charts/docker-mailserver/tests/pvc_test.yaml index 69ce404f..cc4f5d02 100644 --- a/charts/docker-mailserver/tests/pvc_test.yaml +++ b/charts/docker-mailserver/tests/pvc_test.yaml 
@@ -1,20 +1,26 @@ - suite: pvc creation templates: - pvc.yaml +values: + - ../values.yaml +chart: + version: 0.1.0 tests: - - it: should apply annotations from persistence.annotations set: - persistence.annotations.backup\.banana\.io/deltas: pancakes + persistence: + mail-config: + annotations: + backup.banana.io/deltas: pancakes asserts: - - equal: - path: metadata.annotations.backup\.banana\.io/deltas - value: pancakes + - matchSnapshot: { } - it: should create pvc of specified size set: - persistence.size: 1Pb + persistence: + mail-data: + size: 1Pb + documentIndex: 1 asserts: - equal: path: spec.resources.requests.storage @@ -22,4 +28,4 @@ tests: - it: manifest should match snapshot asserts: - - matchSnapshot: {} \ No newline at end of file + - matchSnapshot: { } \ No newline at end of file diff --git a/charts/docker-mailserver/tests/secret_test.yaml b/charts/docker-mailserver/tests/secret_test.yaml index 7b405f52..aa45caec 100644 --- a/charts/docker-mailserver/tests/secret_test.yaml +++ b/charts/docker-mailserver/tests/secret_test.yaml @@ -1,22 +1,18 @@ suite: secret templates: - secret.yaml + - deployment.yaml +chart: + version: 1.0.0 tests: - - - it: should correctly import opendkim keys from config/opendkim/keys if demo mode is disabled - set: - demoMode.enabled: false - domains: - - example.com - asserts: - - matchRegex: - path: data.example\.com-mail\.private - pattern: "LS0tLS1CRUdJTiBSU0EgUF" - - it: manifest should match snapshot set: - demoMode.enabled: false - domains: - - example.com + secrets: + - name: mailserver-secret.yaml + create: true + path: secret.yaml + data: | + mailserver-username: test + mailserver-password: test asserts: - - matchSnapshot: {} \ No newline at end of file + - matchSnapshot: { } diff --git a/charts/docker-mailserver/tests/spf_test.yaml b/charts/docker-mailserver/tests/spf_test.yaml deleted file mode 100644 index ae9019e0..00000000 --- a/charts/docker-mailserver/tests/spf_test.yaml +++ /dev/null 
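Review bot: The test `should apply annotations from persistence.annotations` in the first pvc_test.yaml hunk now asserts only `matchSnapshot: { }`, so nothing states which annotation is expected on which claim. A regression would pass as soon as the snapshot is regenerated. Keep the removed `equal` check on `metadata.annotations.backup\.banana\.io/deltas` with value `pancakes` next to the snapshot, scoped with `documentIndex` to the `mail-config` claim the same way the size test below it is scoped. The path syntax may need adjusting to the helm-unittest version the workflow installs.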
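Review bot: The rewritten secret_test.yaml case passes `data` as plain text (`mailserver-username: test`), while the values.yaml comment in this series says the content "Must be base 64 encoded!". If the template copies the value verbatim into the Secret's `data` field, the API server would reject the rendered manifest, and a render-only test cannot notice that. The only assertion left is `matchSnapshot: { }` over both templates, so the removed check that the key lands in the Secret has no replacement. Use a base64 fixture value and add an explicit assertion such as `- isKind: { of: Secret }` with `template: secret.yaml`, plus an `equal` on the expected `data` key.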
@@ -1,15 +0,0 @@ -suite: disable_spf_tests -templates: - - configmap.yaml -tests: - - it: should disable SPF tests when requested - set: - disable_spf_tests: true - asserts: - - notMatchRegex: - path: data.postfix-main\.cf - pattern: private/policyd-spf - - - it: manifest should match snapshot - asserts: - - matchSnapshot: {} \ No newline at end of file diff --git a/charts/docker-mailserver/values.yaml b/charts/docker-mailserver/values.yaml index b3050668..d10d10b6 100644 --- a/charts/docker-mailserver/values.yaml +++ b/charts/docker-mailserver/values.yaml @@ -289,7 +289,7 @@ service: ## Default: Automatically assign a random, ephemeral IP # publicIp: ## If there should be firewall rules restricting the load balancer to a limited set of IPs, specify those IPs below - ## in CIDR format. If all IPs shoud be allowed access, set the CIDR as "0.0.0.0/0" + ## in CIDR format. If all IPs should be allowed access, set the CIDR as "0.0.0.0/0" allowedIps: - "0.0.0.0/0" ## If there is a Hostname associated with this site, add it here and it will be rendered in the documentation. @@ -297,7 +297,7 @@ service: annotations: {} labels: {} -# Note this is a dictionary and not a list so invidual keys can be overriden by --set or --value helm parameters +# Note this is a dictionary and not a list so individual keys can be overridden by --set or --value helm parameters persistence: # Stores generated configuration files # https://docker-mailserver.github.io/docker-mailserver/edge/faq/#what-about-the-docker-datadmsconfig-directory 
@@ -358,7 +358,7 @@ persistence: ## See https://github.com/prometheus/docs/blob/master/content/docs/operating/configuration.md ## See https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml monitoring: - ## Whether to scrape this service with the montoring toolkit. Mostly useful for blackbox probing of a given service + ## Whether to scrape this service with the monitoring toolkit. Mostly useful for blackbox probing of a given service ## to ensure it's "up" service: ## monitoring should be configured to only scrape services that have a value of "true" @@ -371,7 +371,7 @@ monitoring: port: "9102" ## Whether to scape the pods associated with this application. Useful for collecting metrics. pod: - ## monitoring shoudl be configured to only scrape pods that have a value of `true` + ## monitoring should be configured to only scrape pods that have a value of `true` scrape: "true" ## monitoring should be configured to only probe services that have a value of "true" probe: "false" @@ -433,7 +433,7 @@ metrics: ## are stored in its chart/config directory. ## ## However, Helm does not provide a way too save external files to a ConfigMap or Secret. -## This is problem for docker-mailserver because you need to setup postfix acounts, +## This is problem for docker-mailserver because you need to setup postfix accounts, ## dovecot accounts, etc. ## ## The configs and secrets keys solve this problem. They allow you to add additional config From cc2fbf7918a95cb941e38d17cf74cd4893d7b068 Mon Sep 17 00:00:00 2001 From: Michael Sprauer Date: Sun, 26 May 2024 14:31:26 +0200 Subject: [PATCH 03/12] use default values --- .../__snapshot__/deployment_test.yaml.snap | 120 ------------------ .../tests/__snapshot__/secret_test.yaml.snap | 120 ------------------ .../tests/configmap_test.yaml | 2 + .../tests/deployment_test.yaml | 2 + .../docker-mailserver/tests/secret_test.yaml | 2 + 5 files changed, 6 insertions(+), 240 deletions(-) 
diff --git a/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap index fb15a4d6..293fa2dc 100644 --- a/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap +++ b/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap @@ -25,30 +25,12 @@ manifest should match snapshot: spec: containers: - env: - - name: ACCOUNT_PROVISIONER - value: null - name: AMAVIS_LOGLEVEL value: "0" - - name: CLAMAV_MESSAGE_SIZE_LIMIT - value: null - - name: DEFAULT_RELAY_HOST - value: null - - name: DMS_VMAIL_GID - value: null - - name: DMS_VMAIL_UID - value: null - - name: DOVECOT_AUTH_BIND - value: null - name: DOVECOT_INET_PROTOCOLS value: all - name: DOVECOT_MAILBOX_FORMAT value: maildir - - name: DOVECOT_PASS_FILTER - value: null - - name: DOVECOT_TLS - value: null - - name: DOVECOT_USER_FILTER - value: null - name: ENABLE_AMAVIS value: "0" - name: ENABLE_CLAMAV @@ -63,16 +45,12 @@ manifest should match snapshot: value: "0" - name: ENABLE_IMAP value: "1" - - name: ENABLE_MANAGESIEVE - value: null - name: ENABLE_OPENDKIM value: "0" - name: ENABLE_OPENDMARC value: "0" - name: ENABLE_POLICYD_SPF value: "0" - - name: ENABLE_POP3 - value: null - name: ENABLE_POSTGREY value: "0" - name: ENABLE_QUOTAS 
@@ -99,60 +77,22 @@ manifest should match snapshot: value: "300" - name: GETMAIL_POLL value: "5" - - name: LDAP_BIND_DN - value: null - - name: LDAP_BIND_PW - value: null - - name: LDAP_QUERY_FILTER_ALIAS - value: null - - name: LDAP_QUERY_FILTER_DOMAIN - value: null - - name: LDAP_QUERY_FILTER_GROUP - value: null - - name: LDAP_QUERY_FILTER_USER - value: null - - name: LDAP_SEARCH_BASE - value: null - - name: LDAP_SERVER_HOST - value: null - - name: LDAP_START_TLS - value: null - name: LOGROTATE_INTERVAL value: weekly - - name: LOGWATCH_INTERVAL - value: null - - name: LOGWATCH_RECIPIENT - value: null - - name: LOGWATCH_SENDER - value: null - name: LOG_LEVEL value: info - name: MARK_SPAM_AS_READ value: "0" - name: MOVE_SPAM_TO_JUNK value: "1" - - name: NETWORK_INTERFACE - value: null - name: ONE_DIR value: "1" - name: OVERRIDE_HOSTNAME value: mail.example.com - name: PERMIT_DOCKER value: none - - name: PFLOGSUMM_RECIPIENT - value: null - - name: PFLOGSUMM_SENDER - value: null - - name: PFLOGSUMM_TRIGGER - value: null - - name: POSTFIX_DAGENT - value: null - name: POSTFIX_INET_PROTOCOLS value: all - - name: POSTFIX_MAILBOX_SIZE_LIMIT - value: null - - name: POSTFIX_MESSAGE_SIZE_LIMIT - value: null - name: POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME value: "0" - name: POSTGREY_AUTO_WHITELIST_CLIENTS @@ -163,22 +103,10 @@ manifest should match snapshot: value: "35" - name: POSTGREY_TEXT value: Delayed by Postgrey - - name: POSTMASTER_ADDRESS - value: null - name: POSTSCREEN_ACTION value: enforce - - name: RELAY_HOST - value: null - - name: RELAY_PASSWORD - value: null - name: RELAY_PORT value: "25" - - name: RELAY_USER - value: null - - name: REPORT_RECIPIENT - value: null - - name: REPORT_SENDER - value: null - name: RSPAMD_CHECK_AUTHENTICATED value: "0" - name: RSPAMD_GREYLISTING 
@@ -189,34 +117,6 @@ manifest should match snapshot: value: "6" - name: RSPAMD_LEARN value: "0" - - name: SASLAUTHD_LDAP_AUTH_METHOD - value: null - - name: SASLAUTHD_LDAP_BIND_DN - value: null - - name: SASLAUTHD_LDAP_FILTER - value: null - - name: SASLAUTHD_LDAP_MECH - value: null - - name: SASLAUTHD_LDAP_PASSWORD - value: null - - name: SASLAUTHD_LDAP_PASSWORD_ATTR - value: null - - name: SASLAUTHD_LDAP_SEARCH_BASE - value: null - - name: SASLAUTHD_LDAP_SERVER - value: null - - name: SASLAUTHD_LDAP_START_TLS - value: null - - name: SASLAUTHD_LDAP_TLS_CACERT_DIR - value: null - - name: SASLAUTHD_LDAP_TLS_CACERT_FILE - value: null - - name: SASLAUTHD_LDAP_TLS_CHECK_PEER - value: null - - name: SASLAUTHD_MECHANISMS - value: null - - name: SASLAUTHD_MECH_OPTIONS - value: null - name: SA_KILL value: "10" - name: SA_SPAM_SUBJECT @@ -225,32 +125,12 @@ manifest should match snapshot: value: "2" - name: SA_TAG2 value: "6.31" - - name: SMTP_ONLY - value: null - name: SPAMASSASSIN_SPAM_TO_INBOX value: "1" - - name: SPOOF_PROTECTION - value: null - - name: SRS_EXCLUDE_DOMAINS - value: null - - name: SRS_SECRET - value: null - name: SRS_SENDER_CLASSES value: envelope_sender - - name: SSL_ALT_CERT_PATH - value: null - - name: SSL_ALT_KEY_PATH - value: null - - name: SUPERVISOR_LOGLEVEL - value: null - - name: TLS_LEVEL - value: null - - name: TZ - value: null - name: UPDATE_CHECK_INTERVAL value: 1d - - name: VIRUSMAILS_DELETE_DELAY - value: null image: mailserver/docker-mailserver:13.3.1 imagePullPolicy: IfNotPresent livenessProbe: diff --git a/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap index 23618e9b..edcf2ef3 100644 --- a/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap +++ b/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap 
@@ -25,30 +25,12 @@ manifest should match snapshot: spec: containers: - env: - - name: ACCOUNT_PROVISIONER - value: null - name: AMAVIS_LOGLEVEL value: "0" - - name: CLAMAV_MESSAGE_SIZE_LIMIT - value: null - - name: DEFAULT_RELAY_HOST - value: null - - name: DMS_VMAIL_GID - value: null - - name: DMS_VMAIL_UID - value: null - - name: DOVECOT_AUTH_BIND - value: null - name: DOVECOT_INET_PROTOCOLS value: all - name: DOVECOT_MAILBOX_FORMAT value: maildir - - name: DOVECOT_PASS_FILTER - value: null - - name: DOVECOT_TLS - value: null - - name: DOVECOT_USER_FILTER - value: null - name: ENABLE_AMAVIS value: "0" - name: ENABLE_CLAMAV @@ -63,16 +45,12 @@ manifest should match snapshot: value: "0" - name: ENABLE_IMAP value: "1" - - name: ENABLE_MANAGESIEVE - value: null - name: ENABLE_OPENDKIM value: "0" - name: ENABLE_OPENDMARC value: "0" - name: ENABLE_POLICYD_SPF value: "0" - - name: ENABLE_POP3 - value: null - name: ENABLE_POSTGREY value: "0" - name: ENABLE_QUOTAS 
@@ -99,60 +77,22 @@ manifest should match snapshot: value: "300" - name: GETMAIL_POLL value: "5" - - name: LDAP_BIND_DN - value: null - - name: LDAP_BIND_PW - value: null - - name: LDAP_QUERY_FILTER_ALIAS - value: null - - name: LDAP_QUERY_FILTER_DOMAIN - value: null - - name: LDAP_QUERY_FILTER_GROUP - value: null - - name: LDAP_QUERY_FILTER_USER - value: null - - name: LDAP_SEARCH_BASE - value: null - - name: LDAP_SERVER_HOST - value: null - - name: LDAP_START_TLS - value: null - name: LOGROTATE_INTERVAL value: weekly - - name: LOGWATCH_INTERVAL - value: null - - name: LOGWATCH_RECIPIENT - value: null - - name: LOGWATCH_SENDER - value: null - name: LOG_LEVEL value: info - name: MARK_SPAM_AS_READ value: "0" - name: MOVE_SPAM_TO_JUNK value: "1" - - name: NETWORK_INTERFACE - value: null - name: ONE_DIR value: "1" - name: OVERRIDE_HOSTNAME value: mail.example.com - name: PERMIT_DOCKER value: none - - name: PFLOGSUMM_RECIPIENT - value: null - - name: PFLOGSUMM_SENDER - value: null - - name: PFLOGSUMM_TRIGGER - value: null - - name: POSTFIX_DAGENT - value: null - name: POSTFIX_INET_PROTOCOLS value: all - - name: POSTFIX_MAILBOX_SIZE_LIMIT - value: null - - name: POSTFIX_MESSAGE_SIZE_LIMIT - value: null - name: POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME value: "0" - name: POSTGREY_AUTO_WHITELIST_CLIENTS @@ -163,22 +103,10 @@ manifest should match snapshot: value: "35" - name: POSTGREY_TEXT value: Delayed by Postgrey - - name: POSTMASTER_ADDRESS - value: null - name: POSTSCREEN_ACTION value: enforce - - name: RELAY_HOST - value: null - - name: RELAY_PASSWORD - value: null - name: RELAY_PORT value: "25" - - name: RELAY_USER - value: null - - name: REPORT_RECIPIENT - value: null - - name: REPORT_SENDER - value: null - name: RSPAMD_CHECK_AUTHENTICATED value: "0" - name: RSPAMD_GREYLISTING 
@@ -189,34 +117,6 @@ manifest should match snapshot: value: "6" - name: RSPAMD_LEARN value: "0" - - name: SASLAUTHD_LDAP_AUTH_METHOD - value: null - - name: SASLAUTHD_LDAP_BIND_DN - value: null - - name: SASLAUTHD_LDAP_FILTER - value: null - - name: SASLAUTHD_LDAP_MECH - value: null - - name: SASLAUTHD_LDAP_PASSWORD - value: null - - name: SASLAUTHD_LDAP_PASSWORD_ATTR - value: null - - name: SASLAUTHD_LDAP_SEARCH_BASE - value: null - - name: SASLAUTHD_LDAP_SERVER - value: null - - name: SASLAUTHD_LDAP_START_TLS - value: null - - name: SASLAUTHD_LDAP_TLS_CACERT_DIR - value: null - - name: SASLAUTHD_LDAP_TLS_CACERT_FILE - value: null - - name: SASLAUTHD_LDAP_TLS_CHECK_PEER - value: null - - name: SASLAUTHD_MECHANISMS - value: null - - name: SASLAUTHD_MECH_OPTIONS - value: null - name: SA_KILL value: "10" - name: SA_SPAM_SUBJECT @@ -225,32 +125,12 @@ manifest should match snapshot: value: "2" - name: SA_TAG2 value: "6.31" - - name: SMTP_ONLY - value: null - name: SPAMASSASSIN_SPAM_TO_INBOX value: "1" - - name: SPOOF_PROTECTION - value: null - - name: SRS_EXCLUDE_DOMAINS - value: null - - name: SRS_SECRET - value: null - name: SRS_SENDER_CLASSES value: envelope_sender - - name: SSL_ALT_CERT_PATH - value: null - - name: SSL_ALT_KEY_PATH - value: null - - name: SUPERVISOR_LOGLEVEL - value: null - - name: TLS_LEVEL - value: null - - name: TZ - value: null - name: UPDATE_CHECK_INTERVAL value: 1d - - name: VIRUSMAILS_DELETE_DELAY - value: null image: mailserver/docker-mailserver:13.3.1 imagePullPolicy: IfNotPresent livenessProbe: diff --git a/charts/docker-mailserver/tests/configmap_test.yaml b/charts/docker-mailserver/tests/configmap_test.yaml index f3c71ae9..73d11609 100644 --- a/charts/docker-mailserver/tests/configmap_test.yaml +++ b/charts/docker-mailserver/tests/configmap_test.yaml @@ -3,6 +3,8 @@ templates: - configmap.yaml chart: version: 0.1.0 +values: + - ../values.yaml tests: - it: should configure imaps port 10993 if proxyProtocol enabled set: 
diff --git a/charts/docker-mailserver/tests/deployment_test.yaml b/charts/docker-mailserver/tests/deployment_test.yaml index fc044275..292dbf64 100644 --- a/charts/docker-mailserver/tests/deployment_test.yaml +++ b/charts/docker-mailserver/tests/deployment_test.yaml @@ -3,6 +3,8 @@ templates: - deployment.yaml chart: version: 0.1.0 +values: + - ../values.yaml tests: - it: image and tag should end up in deployment set: diff --git a/charts/docker-mailserver/tests/secret_test.yaml b/charts/docker-mailserver/tests/secret_test.yaml index aa45caec..0685749c 100644 --- a/charts/docker-mailserver/tests/secret_test.yaml +++ b/charts/docker-mailserver/tests/secret_test.yaml @@ -4,6 +4,8 @@ templates: - deployment.yaml chart: version: 1.0.0 +values: + - ../values.yaml tests: - it: manifest should match snapshot set: From 320c91470935f1768c16ce79f1b0e534bcd80cac Mon Sep 17 00:00:00 2001 From: Michael Sprauer Date: Sun, 26 May 2024 14:32:48 +0200 Subject: [PATCH 04/12] remove haproxy test --- .../tests/__snapshot__/haproxy_test.yaml.snap | 37 ------------------- 1 file changed, 37 deletions(-) delete mode 100644 charts/docker-mailserver/tests/__snapshot__/haproxy_test.yaml.snap diff --git a/charts/docker-mailserver/tests/__snapshot__/haproxy_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/haproxy_test.yaml.snap deleted file mode 100644 index 6c4cc6ea..00000000 --- a/charts/docker-mailserver/tests/__snapshot__/haproxy_test.yaml.snap +++ /dev/null 
@@ -1,37 +0,0 @@ -manifest should match snapshot: - 1: | - apiVersion: v1 - data: - dovecot.cf: "\nhaproxy_trusted_networks = 10.0.0.0/8 192.168.0.0/16 172.16.0.0/16\nservice imap-login {\n inet_listener imap {\n port = 143\n }\n \n inet_listener imaps {\n port = 993\n ssl = yes\n }\n \n inet_listener imap_proxy {\n haproxy = yes\n port = 10143\n ssl = no\n }\n\n inet_listener imaps_proxy {\n haproxy = yes\n port = 10993\n ssl = yes\n }\n}\n" - kind: ConfigMap - metadata: - labels: - app.kubernetes.io/name: RELEASE-NAME-docker-mailserver - chart: docker-mailserver-3.0.4 - heritage: Helm - release: RELEASE-NAME - name: dovecot-cf - 2: | - apiVersion: v1 - data: - fts-xapian-plugin.conf: "" - kind: ConfigMap - metadata: - labels: - app.kubernetes.io/name: RELEASE-NAME-docker-mailserver - chart: docker-mailserver-3.0.4 - heritage: Helm - release: RELEASE-NAME - name: fts-xapian-plugin-conf - 3: | - apiVersion: v1 - data: - user-patches.sh: "#!/bin/bash\n# Make sure to keep this file in sync with https://github.com/docker-mailserver/docker-mailserver/blob/master/target/postfix/master.cf!\ncat <> /etc/postfix/master.cf\n\n# Submission with proxy\n10587 inet n - n - - smtpd\n -o syslog_name=postfix/submission\n -o smtpd_tls_security_level=encrypt\n -o smtpd_sasl_auth_enable=yes\n -o smtpd_sasl_type=dovecot\n -o smtpd_reject_unlisted_recipient=no\n -o smtpd_sasl_authenticated_header=yes\n -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\n -o smtpd_sender_restrictions=\\$mua_sender_restrictions\n -o smtpd_discard_ehlo_keywords=\n -o milter_macro_daemon_name=ORIGINATING\n -o cleanup_service_name=sender-cleanup\n -o smtpd_upstream_proxy_protocol=haproxy \n\n# Submissions with proxy\n10465 inet n - n - - smtpd\n -o syslog_name=postfix/submissions\n -o smtpd_tls_wrappermode=yes\n -o smtpd_sasl_auth_enable=yes\n -o smtpd_sasl_type=dovecot\n -o smtpd_reject_unlisted_recipient=no\n -o 
smtpd_sasl_authenticated_header=yes\n -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\n -o smtpd_sender_restrictions=\\$mua_sender_restrictions\n -o smtpd_discard_ehlo_keywords=\n -o milter_macro_daemon_name=ORIGINATING\n -o cleanup_service_name=sender-cleanup\n -o smtpd_upstream_proxy_protocol=haproxy\nEOS\n" - kind: ConfigMap - metadata: - labels: - app.kubernetes.io/name: RELEASE-NAME-docker-mailserver - chart: docker-mailserver-3.0.4 - heritage: Helm - release: RELEASE-NAME - name: user-patches-sh From 78d5e538f25351a09c237d7a995df134ae8d2c1d Mon Sep 17 00:00:00 2001 From: Michael Sprauer Date: Sun, 26 May 2024 14:52:53 +0200 Subject: [PATCH 05/12] chart version bump --- charts/docker-mailserver/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/docker-mailserver/Chart.yaml b/charts/docker-mailserver/Chart.yaml index bf568454..fe4f38fa 100644 --- a/charts/docker-mailserver/Chart.yaml +++ b/charts/docker-mailserver/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "13.3.1" description: A fullstack but simple mailserver (smtp, imap, antispam, antivirus, ssl...) using Docker. name: docker-mailserver -version: 3.0.13 +version: 3.0.14 sources: - https://github.com/docker-mailserver/docker-mailserver-helm maintainers: From 0d5592a6fd1b752675dea8e050d086a7c2484a96 Mon Sep 17 00:00:00 2001 From: Michael Sprauer Date: Thu, 12 Sep 2024 12:35:06 +0200 Subject: [PATCH 06/12] revert unrelated changes --- .../templates/deployment.yaml | 18 +++++++-------- charts/docker-mailserver/values.yaml | 22 +++++++++---------- 2 files changed, 19 insertions(+), 21 deletions(-) diff --git a/charts/docker-mailserver/templates/deployment.yaml b/charts/docker-mailserver/templates/deployment.yaml index f921f13f..d8336f24 100644 --- a/charts/docker-mailserver/templates/deployment.yaml +++ b/charts/docker-mailserver/templates/deployment.yaml 
@@ -57,10 +57,10 @@ spec: {{- end }} # Secrets - {{- range .Values.secrets }} - - name: {{ regexReplaceAll "[.]" .name "-" }} + {{- range $name, $secret := .Values.secrets }} + - name: {{ regexReplaceAll "[.]" $name "-" }} secret: - secretName: {{ regexReplaceAll "[.]" .name "-" }} + secretName: {{ regexReplaceAll "[.]" $name "-" }} {{- end }} # Certificate @@ -144,13 +144,13 @@ spec: {{- end }} # Config via Secrets - {{- range .Values.secrets }} - - name: {{ regexReplaceAll "[.]" .name "-" }} - subPath: {{ .key | default .name }} - {{- if isAbs .path }} - mountPath: {{ $.path }} + {{- range $name, $secret := .Values.secrets }} + - name: {{ regexReplaceAll "[.]" $name "-" }} + subPath: {{ $secret.key | default $name }} + {{- if isAbs $secret.path }} + mountPath: {{ $secret.path }} {{- else }} - mountPath: /tmp/docker-mailserver/{{ .path }} + mountPath: /tmp/docker-mailserver/{{ $secret.path }} {{- end }} {{- end }} diff --git a/charts/docker-mailserver/values.yaml b/charts/docker-mailserver/values.yaml index 41d80b50..ad3c036f 100644 --- a/charts/docker-mailserver/values.yaml +++ b/charts/docker-mailserver/values.yaml @@ -76,8 +76,8 @@ deployment: # --- General Section --------------------------- # ----------------------------------------------- LOG_LEVEL: info - SUPERVISOR_LOGLEVEL: - DMS_VMAIL_UID: + SUPERVISOR_LOGLEVEL: + DMS_VMAIL_UID: DMS_VMAIL_GID: ACCOUNT_PROVISIONER: POSTMASTER_ADDRESS: 
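Review bot: The new `range $name, $secret := .Values.secrets` in the `# Secrets` volumes hunk treats `secrets` as a map keyed by secret name, but the values.yaml hunk of this same commit rewrites the documented example to a list of `- name: ...` entries, and secret_test.yaml sets a list as well. With a list, `$name` is the element index rather than the name, so `secretName` would not match the Secret that is created (it may also fail in `regexReplaceAll`, which expects a string). The `# Config via Secrets` volumeMounts hunk has the same problem through `subPath: {{ $secret.key | default $name }}`. Make the template and the documented shape agree, for example by keeping the map example in values.yaml, or by deriving the name from the entry with `{{ regexReplaceAll "[.]" $secret.name "-" }}`. Both loops continue outside the hunks shown.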
@@ -611,17 +611,15 @@ configMaps: ## such as DKIM signing keys. ## ## secrets: -## rspamd.example.com: -## name: rspamd.example.com # This is the name of the Secret -## create: true # If true, create a new Secret -## path: rspamd.dkim.rsa-2048-mail-example.com.private.txt -## data: abace # If create is true, then you must specify content. Must be base 64 encoded! +## - name: rspamd.example.com # This is the name of the Secret +## create: true # If true, create a new Secret +## path: rspamd.dkim.rsa-2048-mail-example.com.private.txt +## data: abace # If create is true, then you must specify content. Must be base 64 encoded! ## -## rspamd.dkim.rsa-2048-mail-example.com.public: -## name: rspamd.dkim.rsa-2048-mail-example.com.public -## create: true -## path: rspamd/dkim/rsa-2048-mail-example.com.public -## data: abace # If create is true, then you must specify content. Must be base 64 encoded! +## - name: rspamd.dkim.rsa-2048-mail-example.com.public +## create: true +## path: rspamd/dkim/rsa-2048-mail-example.com.public +## data: abace # If create is true, then you must specify content. Must be base 64 encoded! ## ## If you set the create key to false, then you must manually create the ConfigMaps before deploying the chart. ## From 9c161ac1b913b5c3fe51700b27ed36ced6e58b0c Mon Sep 17 00:00:00 2001 From: Michael Sprauer Date: Thu, 12 Sep 2024 12:35:19 +0200 Subject: [PATCH 07/12] make tests more stable --- .../tests/__snapshot__/configmap_test.yaml.snap | 2 +- .../tests/__snapshot__/deployment_test.yaml.snap | 14 +++++++++----- .../tests/__snapshot__/secret_test.yaml.snap | 14 +++++++++----- charts/docker-mailserver/tests/configmap_test.yaml | 1 + .../docker-mailserver/tests/deployment_test.yaml | 1 + charts/docker-mailserver/tests/pvc_test.yaml | 1 + charts/docker-mailserver/tests/secret_test.yaml | 1 + 7 files changed, 23 insertions(+), 11 deletions(-) 
diff --git a/charts/docker-mailserver/tests/__snapshot__/configmap_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/configmap_test.yaml.snap index 0b3097d1..f897c04b 100644 --- a/charts/docker-mailserver/tests/__snapshot__/configmap_test.yaml.snap +++ b/charts/docker-mailserver/tests/__snapshot__/configmap_test.yaml.snap 
@@ -26,7 +26,7 @@ manifest should match snapshot: 3: | apiVersion: v1 data: - user-patches.sh: "#!/bin/bash\n# Make sure to keep this file in sync with https://github.com/docker-mailserver/docker-mailserver/blob/master/target/postfix/master.cf!\ncat <> /etc/postfix/master.cf\n\n# Submission with proxy\n10587 inet n - n - - smtpd\n -o syslog_name=postfix/submission\n -o smtpd_tls_security_level=encrypt\n -o smtpd_sasl_auth_enable=yes\n -o smtpd_sasl_type=dovecot\n -o smtpd_reject_unlisted_recipient=no\n -o smtpd_sasl_authenticated_header=yes\n -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\n -o smtpd_sender_restrictions=\\$mua_sender_restrictions\n -o smtpd_discard_ehlo_keywords=\n -o milter_macro_daemon_name=ORIGINATING\n -o cleanup_service_name=sender-cleanup\n -o smtpd_upstream_proxy_protocol=haproxy \n\n# Submissions with proxy\n10465 inet n - n - - smtpd\n -o syslog_name=postfix/submissions\n -o smtpd_tls_wrappermode=yes\n -o smtpd_sasl_auth_enable=yes\n -o smtpd_sasl_type=dovecot\n -o smtpd_reject_unlisted_recipient=no\n -o smtpd_sasl_authenticated_header=yes\n -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\n -o smtpd_sender_restrictions=\\$mua_sender_restrictions\n -o smtpd_discard_ehlo_keywords=\n -o milter_macro_daemon_name=ORIGINATING\n -o cleanup_service_name=sender-cleanup\n -o smtpd_upstream_proxy_protocol=haproxy\nEOS\n" + user-patches.sh: "#!/bin/bash\n# Make sure to keep this file in sync with https://github.com/docker-mailserver/docker-mailserver/blob/master/target/postfix/master.cf!\ncat <> /etc/postfix/master.cf\n\n# Submission with proxy\n10587 inet n - n - - smtpd\n -o syslog_name=postfix/submission\n -o smtpd_tls_security_level=encrypt\n -o smtpd_sasl_auth_enable=yes\n -o smtpd_sasl_type=dovecot\n -o smtpd_reject_unlisted_recipient=no\n -o smtpd_sasl_authenticated_header=yes\n -o 
smtpd_client_restrictions=permit_sasl_authenticated,reject\n -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\n -o smtpd_sender_restrictions=\\$mua_sender_restrictions\n -o smtpd_discard_ehlo_keywords=\n -o milter_macro_daemon_name=ORIGINATING\n -o cleanup_service_name=sender-cleanup\n -o smtpd_upstream_proxy_protocol=haproxy \n\n# Submissions with proxy\n10465 inet n - n - - smtpd\n -o syslog_name=postfix/submissions\n -o smtpd_tls_wrappermode=yes\n -o smtpd_sasl_auth_enable=yes\n -o smtpd_sasl_type=dovecot\n -o smtpd_reject_unlisted_recipient=no\n -o smtpd_sasl_authenticated_header=yes\n -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\n -o smtpd_sender_restrictions=\\$mua_sender_restrictions\n -o smtpd_discard_ehlo_keywords=\n -o milter_macro_daemon_name=ORIGINATING\n -o cleanup_service_name=sender-cleanup\n -o smtpd_upstream_proxy_protocol=haproxy\n\n# Smtp with proxy\n12525 inet n - n - 1 postscreen\n -o syslog_name=postfix/smtp-proxy\n -o postscreen_upstream_proxy_protocol=haproxy\n -o postscreen_cache_map=btree:$data_directory/postscreen_10025_cache\nEOS\n" kind: ConfigMap metadata: labels: diff --git a/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap index 293fa2dc..fe51cd23 100644 --- a/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap +++ b/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap @@ -77,6 +77,8 @@ manifest should match snapshot: value: "300" - name: GETMAIL_POLL value: "5" + - name: LOGROTATE_COUNT + value: "4" - name: LOGROTATE_INTERVAL value: weekly - name: LOG_LEVEL @@ -85,8 +87,6 @@ manifest should match snapshot: value: "0" - name: MOVE_SPAM_TO_JUNK value: "1" - - name: ONE_DIR - value: "1" - name: OVERRIDE_HOSTNAME value: mail.example.com - name: PERMIT_DOCKER 
@@ -117,21 +117,23 @@ manifest should match snapshot: value: "6" - name: RSPAMD_LEARN value: "0" + - name: RSPAMD_NEURAL + value: "0" - name: SA_KILL value: "10" - - name: SA_SPAM_SUBJECT - value: '***SPAM*** ' - name: SA_TAG value: "2" - name: SA_TAG2 value: "6.31" - name: SPAMASSASSIN_SPAM_TO_INBOX value: "1" + - name: SPAM_SUBJECT + value: '***SPAM*** ' - name: SRS_SENDER_CLASSES value: envelope_sender - name: UPDATE_CHECK_INTERVAL value: 1d - image: mailserver/docker-mailserver:13.3.1 + image: mailserver/docker-mailserver:0.1.0 imagePullPolicy: IfNotPresent livenessProbe: exec: @@ -150,6 +152,8 @@ manifest should match snapshot: name: submissions - containerPort: 587 name: submission + - containerPort: 12525 + name: smtp-proxy - containerPort: 10465 name: subs-proxy - containerPort: 10587 diff --git a/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap index edcf2ef3..5408c7cb 100644 --- a/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap +++ b/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap @@ -77,6 +77,8 @@ manifest should match snapshot: value: "300" - name: GETMAIL_POLL value: "5" + - name: LOGROTATE_COUNT + value: "4" - name: LOGROTATE_INTERVAL value: weekly - name: LOG_LEVEL @@ -85,8 +87,6 @@ manifest should match snapshot: value: "0" - name: MOVE_SPAM_TO_JUNK value: "1" - - name: ONE_DIR - value: "1" - name: OVERRIDE_HOSTNAME value: mail.example.com - name: PERMIT_DOCKER 
@@ -117,21 +117,23 @@ manifest should match snapshot: value: "6" - name: RSPAMD_LEARN value: "0" + - name: RSPAMD_NEURAL + value: "0" - name: SA_KILL value: "10" - - name: SA_SPAM_SUBJECT - value: '***SPAM*** ' - name: SA_TAG value: "2" - name: SA_TAG2 value: "6.31" - name: SPAMASSASSIN_SPAM_TO_INBOX value: "1" + - name: SPAM_SUBJECT + value: '***SPAM*** ' - name: SRS_SENDER_CLASSES value: envelope_sender - name: UPDATE_CHECK_INTERVAL value: 1d - image: mailserver/docker-mailserver:13.3.1 + image: mailserver/docker-mailserver:0.1.0 imagePullPolicy: IfNotPresent livenessProbe: exec: @@ -150,6 +152,8 @@ manifest should match snapshot: name: submissions - containerPort: 587 name: submission + - containerPort: 12525 + name: smtp-proxy - containerPort: 10465 name: subs-proxy - containerPort: 10587 diff --git a/charts/docker-mailserver/tests/configmap_test.yaml b/charts/docker-mailserver/tests/configmap_test.yaml index 73d11609..d1c04aa6 100644 --- a/charts/docker-mailserver/tests/configmap_test.yaml +++ b/charts/docker-mailserver/tests/configmap_test.yaml @@ -3,6 +3,7 @@ templates: - configmap.yaml chart: version: 0.1.0 + appVersion: 0.1.0 values: - ../values.yaml tests: diff --git a/charts/docker-mailserver/tests/deployment_test.yaml b/charts/docker-mailserver/tests/deployment_test.yaml index 292dbf64..0899fbfc 100644 --- a/charts/docker-mailserver/tests/deployment_test.yaml +++ b/charts/docker-mailserver/tests/deployment_test.yaml @@ -3,6 +3,7 @@ templates: - deployment.yaml chart: version: 0.1.0 + appVersion: 0.1.0 values: - ../values.yaml tests: diff --git a/charts/docker-mailserver/tests/pvc_test.yaml b/charts/docker-mailserver/tests/pvc_test.yaml index cc4f5d02..f02d70d9 100644 --- a/charts/docker-mailserver/tests/pvc_test.yaml +++ b/charts/docker-mailserver/tests/pvc_test.yaml @@ -5,6 +5,7 @@ values: - ../values.yaml chart: version: 0.1.0 + appVersion: 0.1.0 tests: - it: should apply annotations from persistence.annotations set: 
diff --git a/charts/docker-mailserver/tests/secret_test.yaml b/charts/docker-mailserver/tests/secret_test.yaml index 0685749c..56b5d3cc 100644 --- a/charts/docker-mailserver/tests/secret_test.yaml +++ b/charts/docker-mailserver/tests/secret_test.yaml @@ -4,6 +4,7 @@ templates: - deployment.yaml chart: version: 1.0.0 + appVersion: 0.1.0 values: - ../values.yaml tests: From aba04c4fe73c7756bf97b6d36d39497d82796c4f Mon Sep 17 00:00:00 2001 From: Michael Sprauer Date: Thu, 12 Sep 2024 12:35:26 +0200 Subject: [PATCH 08/12] chart version bump --- charts/docker-mailserver/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/docker-mailserver/Chart.yaml b/charts/docker-mailserver/Chart.yaml index 541f8ef9..17f6135b 100644 --- a/charts/docker-mailserver/Chart.yaml +++ b/charts/docker-mailserver/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "14.0.0" description: A fullstack but simple mailserver (smtp, imap, antispam, antivirus, ssl...) using Docker. name: docker-mailserver -version: 4.0.6 +version: 4.0.7 sources: - https://github.com/docker-mailserver/docker-mailserver-helm maintainers: From 6fd4eda6b5c6baa7a3c58004764f3a3afba853ab Mon Sep 17 00:00:00 2001 From: Michael Sprauer Date: Thu, 12 Sep 2024 12:44:35 +0200 Subject: [PATCH 09/12] restore changes --- .../templates/deployment.yaml | 41 +++++-------------- .../__snapshot__/deployment_test.yaml.snap | 2 - .../tests/__snapshot__/secret_test.yaml.snap | 2 - 3 files changed, 11 insertions(+), 34 deletions(-) diff --git a/charts/docker-mailserver/templates/deployment.yaml b/charts/docker-mailserver/templates/deployment.yaml index d8336f24..f20bfe9d 100644 --- a/charts/docker-mailserver/templates/deployment.yaml +++ b/charts/docker-mailserver/templates/deployment.yaml 
@@ -57,10 +57,10 @@ spec: {{- end }} # Secrets - {{- range $name, $secret := .Values.secrets }} - - name: {{ regexReplaceAll "[.]" $name "-" }} + {{- range .Values.secrets }} + - name: {{ regexReplaceAll "[.]" .name "-" }} secret: - secretName: {{ regexReplaceAll "[.]" $name "-" }} + secretName: {{ regexReplaceAll "[.]" .name "-" }} {{- end }} # Certificate @@ -83,18 +83,6 @@ spec: {{- end }} {{- end }} - # Extra volumes - {{- with .Values.deployment.extraVolumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - - {{- if .Values.deployment.initContainers }} - initContainers: - {{- with .Values.deployment.initContainers }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - containers: - name: docker-mailserver image: {{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }} @@ -144,13 +132,13 @@ spec: {{- end }} # Config via Secrets - {{- range $name, $secret := .Values.secrets }} - - name: {{ regexReplaceAll "[.]" $name "-" }} - subPath: {{ $secret.key | default $name }} - {{- if isAbs $secret.path }} - mountPath: {{ $secret.path }} + {{- range .Values.secrets }} + - name: {{ regexReplaceAll "[.]" .name "-" }} + subPath: {{ .key | default .name }} + {{- if isAbs .path }} + mountPath: {{ $.path }} {{- else }} - mountPath: /tmp/docker-mailserver/{{ $secret.path }} + mountPath: /tmp/docker-mailserver/{{ .path }} {{- end }} {{- end }} @@ -162,11 +150,6 @@ spec: {{- end }} {{- end }} - # Mount Extra Volumes - {{- with $.Values.deployment.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - livenessProbe: exec: command: @@ -194,8 +177,6 @@ spec: - name: submission containerPort: 587 {{- if .Values.proxyProtocol.enabled }} - - name: smtp-proxy - containerPort: 12525 - name: subs-proxy containerPort: 10465 - name: sub-proxy 
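Review bot: In the `# Config via Secrets` hunk the absolute-path branch renders `mountPath: {{ $.path }}`, but inside `range .Values.secrets` the `$` refers to the chart's root context rather than the current entry, so it most likely resolves to an empty value whenever `isAbs .path` is true. The relative branch just below uses `.path`, and the absolute branch should match it: `mountPath: {{ .path }}`. A wrong or empty mount path for a Secret volume either fails validation or puts key material somewhere the operator did not intend, so a unit test with an absolute `path` is worth adding. A later patch in this series rewrites the loop with `$secret.path`, which removes the problem; the `volumeMounts` list itself starts and ends outside the hunk.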
@@ -263,7 +244,7 @@ spec: {{- if $persistence.enabled }} - name: {{ $name }} mountPath: {{ $persistence.mountPath }} - readonly: true + readOnly: true {{- end }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap index fe51cd23..c578036e 100644 --- a/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap +++ b/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap @@ -152,8 +152,6 @@ manifest should match snapshot: name: submissions - containerPort: 587 name: submission - - containerPort: 12525 - name: smtp-proxy - containerPort: 10465 name: subs-proxy - containerPort: 10587 diff --git a/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap index 5408c7cb..9a4cc136 100644 --- a/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap +++ b/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap @@ -152,8 +152,6 @@ manifest should match snapshot: name: submissions - containerPort: 587 name: submission - - containerPort: 12525 - name: smtp-proxy - containerPort: 10465 name: subs-proxy - containerPort: 10587 From 0d1a9b91c9bca7288bb0f2405ccde2bc452fbda8 Mon Sep 17 00:00:00 2001 From: Michael Sprauer Date: Thu, 12 Sep 2024 12:46:04 +0200 Subject: [PATCH 10/12] merge with master --- .../templates/deployment.yaml | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/charts/docker-mailserver/templates/deployment.yaml b/charts/docker-mailserver/templates/deployment.yaml index f20bfe9d..5570b6e6 100644 --- a/charts/docker-mailserver/templates/deployment.yaml +++ b/charts/docker-mailserver/templates/deployment.yaml 
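Review bot: Correcting `readonly` to `readOnly` is more than a spelling fix. Kubernetes field names are case-sensitive, so the old key was presumably never applied, and this hunk is the first time the persistence mounts in this container are actually read-only. That is the safer setting if the container only reads those volumes, but it should be confirmed before merging, and a comment such as `# read-only: this container only reads the persisted data` above the line would record the intent. The last patch in this series deletes the line again, leaving every enabled persistence volume writable here; if only some volumes need writes, a per-volume flag in values would keep the rest read-only. The hunk also drops the file's trailing newline, and the enclosing container definition starts outside the hunk.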
@@ -83,6 +83,18 @@ spec: {{- end }} {{- end }} + # Extra volumes + {{- with .Values.deployment.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + + {{- if .Values.deployment.initContainers }} + initContainers: + {{- with .Values.deployment.initContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + containers: - name: docker-mailserver image: {{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }} @@ -150,6 +162,11 @@ spec: {{- end }} {{- end }} + # Mount Extra Volumes + {{- with $.Values.deployment.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + livenessProbe: exec: command: @@ -177,6 +194,8 @@ spec: - name: submission containerPort: 587 {{- if .Values.proxyProtocol.enabled }} + - name: smtp-proxy + containerPort: 12525 - name: subs-proxy containerPort: 10465 - name: sub-proxy @@ -247,4 +266,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} From 656500666fac85a71170e1b683a0637af92caa59 Mon Sep 17 00:00:00 2001 From: Michael Sprauer Date: Thu, 12 Sep 2024 12:51:05 +0200 Subject: [PATCH 11/12] update secrets --- .../templates/deployment.yaml | 18 +++++++++--------- .../__snapshot__/deployment_test.yaml.snap | 2 ++ .../tests/__snapshot__/secret_test.yaml.snap | 5 +++-- .../docker-mailserver/tests/secret_test.yaml | 7 +++---- charts/docker-mailserver/values.yaml | 18 ++++++++++-------- 5 files changed, 27 insertions(+), 23 deletions(-) diff --git a/charts/docker-mailserver/templates/deployment.yaml b/charts/docker-mailserver/templates/deployment.yaml index 5570b6e6..3f6be4b1 100644 --- a/charts/docker-mailserver/templates/deployment.yaml +++ b/charts/docker-mailserver/templates/deployment.yaml 
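Review bot: The restored `initContainers` block tests the same value twice: the outer `if .Values.deployment.initContainers` and the inner `with` are both skipped for an empty list, so one of them is redundant. Moving the key inside the `with` does the same in three lines: `{{- with .Values.deployment.initContainers }}`, `initContainers:`, `{{- toYaml . | nindent 8 }}`. Both this block and `extraVolumes` copy operator-supplied values into the pod spec without validation, so a short template comment saying so (for example `{{- /* rendered verbatim from values; not validated by the chart */}}`) would help reviewers of downstream values files. The surrounding pod spec starts and ends outside the hunk.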
@@ -57,10 +57,10 @@ spec: {{- end }} # Secrets - {{- range .Values.secrets }} - - name: {{ regexReplaceAll "[.]" .name "-" }} + {{- range $name, $secret := .Values.secrets }} + - name: {{ regexReplaceAll "[.]" $name "-" }} secret: - secretName: {{ regexReplaceAll "[.]" .name "-" }} + secretName: {{ regexReplaceAll "[.]" $name "-" }} {{- end }} # Certificate @@ -144,13 +144,13 @@ spec: {{- end }} # Config via Secrets - {{- range .Values.secrets }} - - name: {{ regexReplaceAll "[.]" .name "-" }} - subPath: {{ .key | default .name }} - {{- if isAbs .path }} - mountPath: {{ $.path }} + {{- range $name, $secret := .Values.secrets }} + - name: {{ regexReplaceAll "[.]" $name "-" }} + subPath: {{ $secret.key | default $name }} + {{- if isAbs $secret.path }} + mountPath: {{ $secret.path }} {{- else }} - mountPath: /tmp/docker-mailserver/{{ .path }} + mountPath: /tmp/docker-mailserver/{{ $secret.path }} {{- end }} {{- end }} diff --git a/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap index c578036e..fe51cd23 100644 --- a/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap +++ b/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap @@ -152,6 +152,8 @@ manifest should match snapshot: name: submissions - containerPort: 587 name: submission + - containerPort: 12525 + name: smtp-proxy - containerPort: 10465 name: subs-proxy - containerPort: 10587 diff --git a/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap index 9a4cc136..362acbb5 100644 --- a/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap +++ b/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap 
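Review bot: Both `range $name, $secret := .Values.secrets` loops (the `# Secrets` volumes hunk and the `# Config via Secrets` mounts hunk) now assume `secrets` is a map, and nothing rejects the list form the chart accepted until this patch. With a list, `$name` would be the integer index, so `regexReplaceAll "[.]" $name "-"` would most likely fail with a type error or, at best, name the volume after an index instead of the Secret. A guard before the first loop makes the failure explicit: `{{- if and .Values.secrets (not (kindIs "map" .Values.secrets)) }}{{ fail "secrets must be a map keyed by Secret name" }}{{- end }}`. Because this changes the values schema, the patch-level 4.0.7 chart version from earlier in the series may deserve a larger bump or an upgrade note.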
@@ -152,6 +152,8 @@ manifest should match snapshot: name: submissions - containerPort: 587 name: submission + - containerPort: 12525 + name: smtp-proxy - containerPort: 10465 name: subs-proxy - containerPort: 10587 @@ -243,8 +245,7 @@ manifest should match snapshot: apiVersion: v1 data: mailserver-secret.yaml: | - mailserver-username: test - mailserver-password: test + bWFpbHNlcnZlci11c2VybmFtZTogdGVzdAogICAgICAgICAgICBtYWlsc2VydmVyLXBhc3N3b3JkOiB0ZXN0 kind: Secret metadata: labels: diff --git a/charts/docker-mailserver/tests/secret_test.yaml b/charts/docker-mailserver/tests/secret_test.yaml index 56b5d3cc..cdbc8e40 100644 --- a/charts/docker-mailserver/tests/secret_test.yaml +++ b/charts/docker-mailserver/tests/secret_test.yaml @@ -11,11 +11,10 @@ tests: - it: manifest should match snapshot set: secrets: - - name: mailserver-secret.yaml + mailserver-secret.yaml: + name: mailserver-secret.yaml create: true path: secret.yaml - data: | - mailserver-username: test - mailserver-password: test + data: bWFpbHNlcnZlci11c2VybmFtZTogdGVzdAogICAgICAgICAgICBtYWlsc2VydmVyLXBhc3N3b3JkOiB0ZXN0 asserts: - matchSnapshot: { } diff --git a/charts/docker-mailserver/values.yaml b/charts/docker-mailserver/values.yaml index ad3c036f..9f82e2f9 100644 --- a/charts/docker-mailserver/values.yaml +++ b/charts/docker-mailserver/values.yaml 
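Review bot: The new base64 `data` value in `secret_test.yaml` decodes to two lines, the second of which begins with a run of twelve spaces, which suggests the old block scalar was encoded together with its YAML indentation. The test still passes because `matchSnapshot` pins whatever is rendered, so the fixture does not check that the Secret carries the intended content. I would re-encode the two lines without the indentation and add an explicit assertion on the rendered Secret's `data` entry next to `matchSnapshot`. A template change that re-encodes or alters the value would then be caught by name rather than by a snapshot diff.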
@@ -611,15 +611,17 @@ configMaps: ## such as DKIM signing keys. ## ## secrets: -## - name: rspamd.example.com # This is the name of the Secret -## create: true # If true, create a new Secret -## path: rspamd.dkim.rsa-2048-mail-example.com.private.txt -## data: abace # If create is true, then you must specify content. Must be base 64 encoded! +## rspamd.example.com: +## name: rspamd.example.com # This is the name of the Secret +## create: true # If true, create a new Secret +## path: rspamd.dkim.rsa-2048-mail-example.com.private.txt +## data: abace # If create is true, then you must specify content. Must be base 64 encoded! ## -## - name: rspamd.dkim.rsa-2048-mail-example.com.public -## create: true -## path: rspamd/dkim/rsa-2048-mail-example.com.public -## data: abace # If create is true, then you must specify content. Must be base 64 encoded! +## rspamd.dkim.rsa-2048-mail-example.com.public: +## name: rspamd.dkim.rsa-2048-mail-example.com.public +## create: true +## path: rspamd/dkim/rsa-2048-mail-example.com.public +## data: abace # If create is true, then you must specify content. Must be base 64 encoded! ## ## If you set the create key to false, then you must manually create the ConfigMaps before deploying the chart. ## From 96c4ba3bb5668554c17df670d9c7b65bd3717309 Mon Sep 17 00:00:00 2001 From: Michael Sprauer Date: Thu, 12 Sep 2024 12:54:57 +0200 Subject: [PATCH 12/12] remove read-only --- charts/docker-mailserver/templates/deployment.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/docker-mailserver/templates/deployment.yaml b/charts/docker-mailserver/templates/deployment.yaml index 3f6be4b1..3324ceb8 100644 --- a/charts/docker-mailserver/templates/deployment.yaml +++ b/charts/docker-mailserver/templates/deployment.yaml @@ -263,7 +263,6 @@ spec: {{- if $persistence.enabled }} - name: {{ $name }} mountPath: {{ $persistence.mountPath }} - readOnly: true {{- end }} {{- end }} {{- end }}
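Review bot: The rewritten `values.yaml` example keeps `data: abace` while the same line says the value must be base64 encoded; `abace` is not valid base64, so anyone copying the example would likely get a Secret that fails to decode. A labelled placeholder reads better, e.g. `##     data: <base64 of the private key file>`. Each entry also repeats the Secret name as both the map key and `name:`, and the deployment template hunks in this patch only read the map key, so the comment should say which of the two is authoritative (the Secret template is not shown here, so `name` may still be read there). The unchanged sentence after the example still says "ConfigMaps" where this section is about Secrets.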