{{- $chart := "mail" -}} {{- $fullName := include (print $chart ".fullname") . -}} {{- $labels := include (print $chart ".labels") . -}} {{- $reloaderAnnotations := include (print $chart ".reloader") . -}} {{- $selectorLabels := include (print $chart ".selectorLabels") . -}} {{- $checksums := include (print $chart ".checksums") . -}} {{- $serviceAccountName := include (print $chart ".serviceAccountName") . -}} {{- $kind := "StatefulSet" -}} {{- $root := . -}} apiVersion: apps/v1 kind: {{ $kind | quote }} metadata: name: {{ $fullName | quote }} namespace: {{ .Release.Namespace | quote }} labels: {{- $labels | nindent 4 }} {{- with .Values.deployment.labels }}{{ toYaml . | nindent 4 }}{{ end }} annotations: {{- $reloaderAnnotations | nindent 4 }} {{- with .Values.deployment.annotations }}{{ toYaml . | nindent 4 }}{{ end }} spec: {{ if eq $kind "StatefulSet" }}serviceName: {{ $fullName }}{{ end }} {{ if eq $kind "Deployment" }}{{ with .Values.strategy }}strategy: {{- toYaml . | nindent 4 }}{{ end }}{{ end }} replicas: {{ .Values.replicaCount }} selector: matchLabels: {{- $selectorLabels | nindent 6 }} template: metadata: labels: {{- $selectorLabels | nindent 8 }} {{- with .Values.pod.labels }}{{ toYaml . | nindent 8 }}{{- end }} annotations: {{- if .Values.recreateOnRedeploy }} # https://keel.sh/docs/#helm-same-tag-force-updates # Current consensus on a best way to "force" update Helm releases is by modifying your pod spec template by adding: date/deploy-date: {{ now | quote }} {{- end }} {{- $checksums | nindent 8 }} {{- with .Values.pod.annotations }}{{ toYaml . | nindent 8 }}{{ end }} spec: serviceAccountName: {{ $serviceAccountName | quote }} {{ with .Values.imagePullSecrets }}imagePullSecrets: {{- toYaml . | nindent 8 }}{{- end }} {{ if .Values.schedulerName }}schedulerName: {{ .Values.schedulerName | quote }}{{ end }} {{ if .Values.priorityClassName }}priorityClassName: {{ .Values.priorityClassName | quote }}{{ end }} {{ with .Values.pod.securityContext }}securityContext: {{- toYaml . | nindent 8 }}{{- end }} {{ with .Values.nodeSelector }}nodeSelector: {{- toYaml . | nindent 8 }}{{- end }} {{ with .Values.affinity }}affinity: {{- toYaml . | nindent 8 }} {{- end }} {{ with .Values.tolerations }}tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.extraInitContainers }} # # Init containers # initContainers: {{- tpl .Values.extraInitContainers . | nindent 6 }} {{- end }} # Allow up to 2 minutes for Postfix to flush / empty the queue before shutting down the container terminationGracePeriodSeconds: 120 containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: {{- toYaml .Values.container.postfix.securityContext | nindent 12 }} ports: - name: smtp containerPort: 587 protocol: TCP readinessProbe: {{- toYaml .Values.readinessProbe | nindent 12 }} livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} startupProbe: {{- toYaml .Values.startupProbe | nindent 12 }} lifecycle: # If a container has a preStop hook configured, that runs before the container enters the Terminated state. preStop: exec: command: - bash - -c - touch /tmp/container_is_terminating && while ! [[ "`mailq`" == *empty* ]]; do echo "Flushing queue..." && postfix flush; sleep 1; done; killall5 -15 supervisord {{- if .Values.lifecycle.postStart }} postStart: {{- toYaml .Values.lifecycle.postStart | nindent 14 }} {{- end }} envFrom: - configMapRef: name: {{ $fullName | quote }} {{- with .Values.secret }} - secretRef: name: {{ $fullName | quote }} {{- end }} {{- if .Values.existingSecret }} - secretRef: name: {{ .Values.existingSecret | quote }} {{- end }} {{ with .Values.extraEnv }}env: {{- toYaml . | nindent 12 }}{{ end }} volumeMounts: - mountPath: /var/spool/postfix name: {{ $fullName | quote }} subPath: spool {{- if .Values.metrics.enabled }} - name: metrics-config mountPath: /etc/rsyslog.d-metrics/maillog.conf subPath: maillog.conf - name: {{ $fullName | quote }} mountPath: {{ regexFind "^/?.*/" .Values.metrics.maillog | quote }} readOnly: false subPath: logs {{- if .Values.metrics.logrotate.enabled }} - name: metrics-config mountPath: /etc/logrotate.d/logrotate.conf subPath: logrotate.conf - name: metrics-config-scripts mountPath: /etc/cron.hourly/logrotate.sh # Ubuntu subPath: logrotate.sh - name: metrics-config-scripts mountPath: /etc/periodic/hourly/logrotate.sh # Alpine subPath: logrotate.sh {{- end }} {{- end }} {{- if .Values.certs.create }} - name: certs mountPath: /var/run/certs readOnly: true - name: certs-init mountPath: /docker-init.db/_enable_tls.sh readOnly: true subPath: _enable_tls.sh {{- end }} {{- if .Values.mountSecret.enabled }} - name: mount-secret mountPath: {{ .Values.mountSecret.path }} readOnly: true {{- end }} {{- if .Values.extraVolumeMounts }}{{- toYaml .Values.extraVolumeMounts | nindent 12 }}{{ end }} resources: {{ toYaml .Values.resources | nindent 12 }} {{- if .Values.metrics.enabled }} - name: exporter imagePullPolicy: Always image: "{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag | default "latest" }}" ports: - containerPort: {{ .Values.metrics.port }} name: metrics protocol: TCP command: - /bin/postfix_exporter args: - "--web.listen-address" - {{ print "0.0.0.0:" .Values.metrics.port | quote }} - "--web.telemetry-path" - {{ .Values.metrics.path | quote }} - "--postfix.logfile_path" - {{ .Values.metrics.maillog | quote }} - "--postfix.showq_path" - {{ print "/var/spool/postfix/public/showq" | quote }} volumeMounts: - name: tmp mountPath: /tmp name: tmp - name: {{ $fullName | quote }} mountPath: /var/spool/postfix subPath: spool - name: {{ $fullName | quote }} mountPath: {{ regexFind "^/?.*/" .Values.metrics.maillog | quote }} subPath: logs startupProbe: httpGet: path: {{ .Values.metrics.path | quote }} port: {{ .Values.metrics.port }} initialDelaySeconds: 5 failureThreshold: 15 periodSeconds: 2 readinessProbe: httpGet: path: {{ .Values.metrics.path | quote }} port: {{ .Values.metrics.port }} initialDelaySeconds: 5 failureThreshold: 30 periodSeconds: 10 {{- end }} {{- if .Values.extraContainers }} {{- tpl .Values.extraContainers $root | nindent 8 }} {{- end }} {{- if .Values.dns.policy }} dnsPolicy: {{ .Values.dns.policy | quote }} {{- end }} {{- if or .Values.dns.nameservers .Values.dns.searches .Values.dns.options }} dnsConfig: {{- toYaml (omit .Values.dns "policy") | nindent 8 }} {{- end }} volumes: - name: tmp emptyDir: {} {{- if .Values.certs.create }} - name: certs-init configMap: name: {{ $fullName }} defaultMode: 0755 - name: certs secret: secretName: {{ $fullName }}-certs {{- end }} # Socket directories {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - name: {{ $fullName }} persistentVolumeClaim: {{- with .Values.persistence.existingClaim }} claimName: {{ tpl . $ }} {{- end }} {{- else if not .Values.persistence.enabled }} - name: {{ $fullName }} emptyDir: {} {{- end }} {{- if .Values.mountSecret.enabled }} - name: mount-secret secret: secretName: {{ $fullName }}-mount {{- end }} {{- if .Values.metrics.enabled }} - name: metrics-config configMap: name: {{ print $fullName "-metrics" | quote }} - name: metrics-config-scripts configMap: name: {{ print $fullName "-scripts" | quote }} defaultMode: 0777 {{- end }} {{- if .Values.extraVolumes }}{{- toYaml .Values.extraVolumes | nindent 8 }}{{ end }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} volumeClaimTemplates: - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: {{ $fullName }} namespace: {{ .Release.Namespace }} spec: accessModes: {{- toYaml .Values.persistence.accessModes | nindent 10 }} {{- if (eq "-" .Values.persistence.storageClass) }} storageClassName: "" {{- else if .Values.persistence.storageClass }} storageClassName: "{{ .Values.persistence.storageClass }}" {{- end }} resources: requests: storage: {{ .Values.persistence.size | quote }} {{- end }}