From 6a329789bd1f4302f39424e0a322abd3d7203b05 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Thu, 30 Jun 2022 02:09:48 +0200
Subject: [PATCH] feat(mok): Add PDB for postfix

This patch creates a PDB for postfix, if the setup is scaled to more than 1 postfix replica. This way at least one postfix instance should always be available and the MTA therefore HA. Currently the dovecot backend is not yet HA, this should take place later on.
---
 charts/mok/Chart.yaml | 2 +-
 charts/mok/README.md | 3 ++-
 charts/mok/templates/postfix.yaml | 16 ++++++++++++++++
 charts/mok/tests/postfix_test.yaml | 27 +++++++++++++++++++++++++++
 charts/mok/values.yaml | 3 +++
 5 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/charts/mok/Chart.yaml b/charts/mok/Chart.yaml
index b99393d00..8b745a43d 100644
--- a/charts/mok/Chart.yaml
+++ b/charts/mok/Chart.yaml
@@ -3,7 +3,7 @@ name: mok
 description: |
 Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that runs without a database server on Kubernetes, taking advantage of configmaps and secret.
 type: application
-version: 0.3.1
+version: 0.4.0
 sources:
 - https://de.postfix.org/ftpmirror/index.html
 - https://github.com/dovecot/core
diff --git a/charts/mok/README.md b/charts/mok/README.md
index d73dab6a0..9c1daa130 100644
--- a/charts/mok/README.md
+++ b/charts/mok/README.md
@@ -1,6 +1,6 @@
 # mok
-
+
 Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that runs without a database server on Kubernetes, taking advantage of configmaps and secret.
@@ -59,6 +59,7 @@ Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that run
 | postfix.imagePullSecrets | list | `[]` | |
 | postfix.nodeSelector | object | `{}` | |
 | postfix.podAnnotations | object | `{}` | |
+| postfix.podDisruptionBudget.enabled | bool | `true` | Enable PodDisruptionBudget if replicaCount is set to > 2 |
 | postfix.podSecurityContext | object | `{}` | |
 | postfix.postscreen.cidr | string | `"127.0.0.1/32"` | CIDR that is allowed to use Proxy protocol on port 10025 |
 | postfix.postscreen.enabled | bool | `false` | Enable proxy protocol support |
diff --git a/charts/mok/templates/postfix.yaml b/charts/mok/templates/postfix.yaml
index d9607a981..6a3e32405 100644
--- a/charts/mok/templates/postfix.yaml
+++ b/charts/mok/templates/postfix.yaml
@@ -164,3 +164,19 @@ spec:
 secretName: {{ required "TLS secret for postfix is required" .Values.postfix.tls.secretName }}
 - name: cache
 emptyDir: {}
+{{- if and .Values.postfix.podDisruptionBudget.enabled (gt .Values.postfix.replicaCount 1.0) }}
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "mok.fullname" . }}-postfix
+ labels:
+ {{- include "mok.labels" . | nindent 4 }}
+ app.kubernetes.io/component: postfix
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ {{- include "mok.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: postfix
+{{- end}}
diff --git a/charts/mok/tests/postfix_test.yaml b/charts/mok/tests/postfix_test.yaml
index 851d32d1e..ffc244931 100644
--- a/charts/mok/tests/postfix_test.yaml
+++ b/charts/mok/tests/postfix_test.yaml
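Review bot: The guard `gt .Values.postfix.replicaCount 1.0` in charts/mok/templates/postfix.yaml compares against a float literal, which only works while replicaCount arrives as a float64, as it does from values.yaml or a values file. A value passed with `--set postfix.replicaCount=2` is parsed as an integer, and the Go template `gt` does not compare an integer with a float, so rendering would likely fail with an incompatible-types error. Normalising the operand avoids that: `{{- if and .Values.postfix.podDisruptionBudget.enabled (gt (int .Values.postfix.replicaCount) 1) }}`. Separately, `policy/v1` is only served from Kubernetes 1.21 on, and no kubeVersion constraint is visible in this patch. The Deployment whose pods this selector has to match starts outside the hunk, so the label match cannot be confirmed from here.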
@@ -103,3 +103,30 @@ tests:
 value: 9215abccdd6c1f21fd329db0133f6f8e892c50aab3dcde3259ea797e8ad2a959
 documentIndex: 1
 template: postfix.yaml
+ - it: has a PDB by default if the replica count is > 1
+ release:
+ name: "test-suite"
+ set:
+ postfix:
+ replicaCount: 2
+ tls:
+ secretName: example-tls
+ asserts:
+ - equal:
+ path: spec.minAvailable
+ value: 1
+ documentIndex: 2
+ template: postfix.yaml
+ - equal:
+ path: spec.selector.matchLabels
+ value:
+ app.kubernetes.io/component: postfix
+ app.kubernetes.io/instance: test-suite
+ app.kubernetes.io/name: mok
+ documentIndex: 2
+ template: postfix.yaml
+ - containsDocument:
+ kind: PodDisruptionBudget
+ apiVersion: policy/v1
+ name: test-suite-mok-postfix
+ template: postfix.yaml
diff --git a/charts/mok/values.yaml b/charts/mok/values.yaml
index cb6d14dc6..cc570ae3a 100644
--- a/charts/mok/values.yaml
+++ b/charts/mok/values.yaml
@@ -49,6 +49,9 @@ postfix:
 imagePullSecrets: []
 podAnnotations: {}
+ podDisruptionBudget:
+ # -- Enable PodDisruptionBudget if replicaCount is set to > 2
+ enabled: true
 podSecurityContext: {}
--
GitLab
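Review bot: The new case in charts/mok/tests/postfix_test.yaml only tests the path where the PodDisruptionBudget renders (`replicaCount: 2` with the default `enabled: true`). Nothing asserts that it is absent when `replicaCount` is 1 or when `postfix.podDisruptionBudget.enabled` is `false`. That negative case matters operationally, because a `minAvailable: 1` budget over a single replica blocks voluntary evictions and therefore node drains. I would add two cases that set those values and assert the document count of postfix.yaml with `hasDocuments`. The expected count is whatever the template produces without the PDB; it looks like 2, since the PDB is asserted at `documentIndex: 2`, but confirm that against the template.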
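Review bot: The doc comment on `podDisruptionBudget.enabled` in charts/mok/values.yaml says the budget is created when replicaCount is `> 2`, but the template condition is `gt .Values.postfix.replicaCount 1.0` and the new test expects the PDB at `replicaCount: 2`. The comment should read `# -- Enable PodDisruptionBudget if replicaCount is set to > 1`. The README row for `postfix.podDisruptionBudget.enabled` carries the same wording and appears to be generated from this comment, so it needs the same correction. As written, an operator running exactly two replicas would not expect a budget to exist, yet one would be created and could hold up a drain while the other pod is unavailable.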