From be100ad76fe5d6e8c08686c4f20be8712adb71d0 Mon Sep 17 00:00:00 2001 From: Sheogorath <sheogorath@shivering-isles.com> Date: Mon, 27 Jun 2022 12:49:49 +0200 Subject: [PATCH] feat(mok): Add automatic config reload This patch adds the common config reload annotation trick to the MoK helm chart, which should make sure that new users are picked up immediately. References: https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments --- charts/mok/Chart.yaml | 2 +- charts/mok/README.md | 2 +- charts/mok/templates/dovecot.yaml | 5 ++- charts/mok/templates/postfix.yaml | 5 ++- .../tests/__snapshot__/domains_test.yaml.snap | 4 +- .../tests/__snapshot__/dovecot_test.yaml.snap | 44 +++++++++++++++++-- .../networkpolicies_test.yaml.snap | 4 +- .../tests/__snapshot__/postfix_test.yaml.snap | 40 ++++++++++++++++- .../tests/__snapshot__/relay_test.yaml.snap | 4 +- charts/mok/tests/dovecot_test.yaml | 26 +++++++++++ charts/mok/tests/postfix_test.yaml | 30 +++++++++++++ 11 files changed, 148 insertions(+), 18 deletions(-)
diff --git a/charts/mok/Chart.yaml b/charts/mok/Chart.yaml
index 39a06c2a4..87bf6ee34 100644
--- a/charts/mok/Chart.yaml
+++ b/charts/mok/Chart.yaml
@@ -3,7 +3,7 @@ name: mok
 description: |
 Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that runs without a database server on Kubernetes, taking advantage of configmaps and secret.
 type: application
-version: 0.1.3
+version: 0.2.0
 sources:
 - https://de.postfix.org/ftpmirror/index.html
 - https://github.com/dovecot/core
diff --git a/charts/mok/README.md b/charts/mok/README.md
index aad2ed006..859672563 100644
--- a/charts/mok/README.md
+++ b/charts/mok/README.md
@@ -1,6 +1,6 @@ # mok -  +  Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that runs without a database server on Kubernetes, taking advantage of configmaps and secret.
diff --git a/charts/mok/templates/dovecot.yaml b/charts/mok/templates/dovecot.yaml
index 30d4c0ce3..d15829c11 100644
--- a/charts/mok/templates/dovecot.yaml
+++ b/charts/mok/templates/dovecot.yaml
@@ -69,10 +69,11 @@ spec:
 labels:
 {{- include "mok.selectorLabels" . | nindent 8 }}
 app.kubernetes.io/component: dovecot
- {{- with .Values.dovecot.podAnnotations }}
 annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+ {{- with .Values.dovecot.podAnnotations }}
 {{- toYaml . | nindent 8 }}
- {{- end }}
+ {{- end }}
 spec:
 {{- with .Values.dovecot.imagePullSecrets }}
 imagePullSecrets:
diff --git a/charts/mok/templates/postfix.yaml b/charts/mok/templates/postfix.yaml
index 29da5d20e..c22e9ddf1 100644
--- a/charts/mok/templates/postfix.yaml
+++ b/charts/mok/templates/postfix.yaml
@@ -49,10 +49,11 @@ spec:
 {{- end }}
 template:
 metadata:
- {{- with .Values.postfix.podAnnotations }}
 annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+ {{- with .Values.postfix.podAnnotations }}
 {{- toYaml . | nindent 8 }}
- {{- end }}
+ {{- end }}
 labels:
 {{- include "mok.selectorLabels" . | nindent 8 }}
 app.kubernetes.io/component: postfix
diff --git a/charts/mok/tests/__snapshot__/domains_test.yaml.snap b/charts/mok/tests/__snapshot__/domains_test.yaml.snap
index dd167134a..9d7264b7e 100644
--- a/charts/mok/tests/__snapshot__/domains_test.yaml.snap
+++ b/charts/mok/tests/__snapshot__/domains_test.yaml.snap
@@ -8,7 +8,7 @@ keeps stays the same: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mok - helm.sh/chart: mok-0.1.3 + helm.sh/chart: mok-0.2.0 name: RELEASE-NAME-mok-dovecot-users stringData: passwd: |
@@ -23,7 +23,7 @@ keeps stays the same: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mok - helm.sh/chart: mok-0.1.3 + helm.sh/chart: mok-0.2.0 name: RELEASE-NAME-mok-postfix-maps stringData: aliases: |
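Review bot: The `checksum/config` line added in charts/mok/templates/dovecot.yaml publishes an unsalted SHA-256 of the rendered `secret.yaml` as a pod annotation, and the postfix.yaml hunk adds the same line. Pod metadata is usually readable by more principals than the Secrets themselves, and the snapshots show that file rendering `passwd` and `sasl_passwd`, so the digest is a fingerprint of credential material that changes whenever those values change and could confirm a guess at low-entropy content. The exposure is modest because the whole manifest is hashed, but it should be stated next to the line, e.g. `{{- /* digest of the rendered Secrets; visible to anyone who can read pod metadata */ -}}`, and mentioned in the README. Separately, a `checksum/config` key supplied through `.Values.dovecot.podAnnotations` would now render as a duplicate mapping key. The template continues outside the hunk.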
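Review bot: The digest in charts/mok/templates/postfix.yaml is taken over all of `secret.yaml` rather than over the Secret this workload consumes, and dovecot.yaml does the same. The snapshots show that file rendering both `RELEASE-NAME-mok-dovecot-users` and `RELEASE-NAME-mok-postfix-maps`, each labelled `helm.sh/chart: mok-0.2.0`, and both workloads carrying the identical digest, so a change to either component's data, and apparently every chart version bump, restarts both. For the Dovecot Deployment, whose snapshot shows `type: Recreate`, each such restart means a window with no running pod. If that is intended, say so beside the annotation, e.g. `{{- /* rolls on any change to secret.yaml, including its labels */ -}}`; otherwise consider one Secret template file per component so each workload hashes only its own. The template continues outside the hunk.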
diff --git a/charts/mok/tests/__snapshot__/dovecot_test.yaml.snap b/charts/mok/tests/__snapshot__/dovecot_test.yaml.snap index 302f30dac..c3b53ce13 100644 --- a/charts/mok/tests/__snapshot__/dovecot_test.yaml.snap +++ b/charts/mok/tests/__snapshot__/dovecot_test.yaml.snap @@ -10,7 +10,7 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mok - helm.sh/chart: mok-0.1.3 + helm.sh/chart: mok-0.2.0 name: RELEASE-NAME-mok-dovecot spec: ports: @@ -43,7 +43,7 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mok - helm.sh/chart: mok-0.1.3 + helm.sh/chart: mok-0.2.0 name: RELEASE-NAME-mok-dovecot-internal spec: ports: @@ -67,7 +67,7 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mok - helm.sh/chart: mok-0.1.3 + helm.sh/chart: mok-0.2.0 name: RELEASE-NAME-mok-dovecot spec: replicas: 1 @@ -80,6 +80,8 @@ should match snapshot: type: Recreate template: metadata: + annotations: + checksum/config: 1ccde744f84d15a511177495e8197c3e895b1077c3e180da583ea4d8a3202332 labels: app.kubernetes.io/component: dovecot app.kubernetes.io/instance: RELEASE-NAME @@ -157,7 +159,7 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mok - helm.sh/chart: mok-0.1.3 + helm.sh/chart: mok-0.2.0 name: RELEASE-NAME-mok-dovecot-vmail spec: accessModes: 
@@ -166,3 +168,37 @@ should match snapshot: requests: storage: 5Gi volumeMode: Filesystem + 5: | + apiVersion: v1 + kind: Secret + metadata: + labels: + app.kubernetes.io/component: dovecot + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: mok + helm.sh/chart: mok-0.2.0 + name: RELEASE-NAME-mok-dovecot-users + stringData: + passwd: "" + type: Opaque + 6: | + apiVersion: v1 + kind: Secret + metadata: + labels: + app.kubernetes.io/component: postfix + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: mok + helm.sh/chart: mok-0.2.0 + name: RELEASE-NAME-mok-postfix-maps + stringData: + aliases: "" + domains: "" + mailboxes: "" + relayhosts: "" + sasl_passwd: "" + sender-login-maps: "" + tls-policies: "" + type: Opaque diff --git a/charts/mok/tests/__snapshot__/networkpolicies_test.yaml.snap b/charts/mok/tests/__snapshot__/networkpolicies_test.yaml.snap index 8f287edae..872a20684 100644 --- a/charts/mok/tests/__snapshot__/networkpolicies_test.yaml.snap +++ b/charts/mok/tests/__snapshot__/networkpolicies_test.yaml.snap @@ -8,7 +8,7 @@ matches snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mok - helm.sh/chart: mok-0.1.3 + helm.sh/chart: mok-0.2.0 name: RELEASE-NAME-mok-dovecot spec: ingress: @@ -53,7 +53,7 @@ matches snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mok - helm.sh/chart: mok-0.1.3 + helm.sh/chart: mok-0.2.0 name: RELEASE-NAME-mok-postfix spec: ingress: diff --git a/charts/mok/tests/__snapshot__/postfix_test.yaml.snap b/charts/mok/tests/__snapshot__/postfix_test.yaml.snap index bfc1e2f75..0472fa118 100644 --- a/charts/mok/tests/__snapshot__/postfix_test.yaml.snap +++ b/charts/mok/tests/__snapshot__/postfix_test.yaml.snap 
@@ -10,7 +10,7 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mok - helm.sh/chart: mok-0.1.3 + helm.sh/chart: mok-0.2.0 name: RELEASE-NAME-mok-postfix spec: ports: @@ -37,7 +37,7 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mok - helm.sh/chart: mok-0.1.3 + helm.sh/chart: mok-0.2.0 name: RELEASE-NAME-mok-postfix spec: replicas: 1 @@ -49,6 +49,8 @@ should match snapshot: serviceName: RELEASE-NAME-mok-postfix-statefulset template: metadata: + annotations: + checksum/config: 1ccde744f84d15a511177495e8197c3e895b1077c3e180da583ea4d8a3202332 labels: app.kubernetes.io/component: postfix app.kubernetes.io/instance: RELEASE-NAME @@ -156,3 +158,37 @@ should match snapshot: resources: requests: storage: 1Gi + 3: | + apiVersion: v1 + kind: Secret + metadata: + labels: + app.kubernetes.io/component: dovecot + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: mok + helm.sh/chart: mok-0.2.0 + name: RELEASE-NAME-mok-dovecot-users + stringData: + passwd: "" + type: Opaque + 4: | + apiVersion: v1 + kind: Secret + metadata: + labels: + app.kubernetes.io/component: postfix + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: mok + helm.sh/chart: mok-0.2.0 + name: RELEASE-NAME-mok-postfix-maps + stringData: + aliases: "" + domains: "" + mailboxes: "" + relayhosts: "" + sasl_passwd: "" + sender-login-maps: "" + tls-policies: "" + type: Opaque diff --git a/charts/mok/tests/__snapshot__/relay_test.yaml.snap b/charts/mok/tests/__snapshot__/relay_test.yaml.snap index 44590aaa5..e4b2084c3 100644 --- a/charts/mok/tests/__snapshot__/relay_test.yaml.snap +++ b/charts/mok/tests/__snapshot__/relay_test.yaml.snap 
@@ -8,7 +8,7 @@ keeps stays the same: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mok - helm.sh/chart: mok-0.1.3 + helm.sh/chart: mok-0.2.0 name: RELEASE-NAME-mok-dovecot-users stringData: passwd: ""
@@ -22,7 +22,7 @@ keeps stays the same: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mok - helm.sh/chart: mok-0.1.3 + helm.sh/chart: mok-0.2.0 name: RELEASE-NAME-mok-postfix-maps stringData: aliases: ""
diff --git a/charts/mok/tests/dovecot_test.yaml b/charts/mok/tests/dovecot_test.yaml
index bcd2d8452..92314baaf 100644
--- a/charts/mok/tests/dovecot_test.yaml
+++ b/charts/mok/tests/dovecot_test.yaml
@@ -2,6 +2,7 @@ suite: Dovecot
 templates:
 - dovecot.yaml
 - persistentvolumeclaim.yaml
+ - secret.yaml
 tests:
 - it: should match snapshot
 set:
@@ -83,3 +84,28 @@ tests:
 name: pop3s
 documentIndex: 2
 template: dovecot.yaml
+ - it: has config hash for auto-reload
+ set:
+ dovecot:
+ secretName: example-tls
+ asserts:
+ - equal:
+ path: spec.template.metadata.annotations.[checksum/config]
+ value: 1ccde744f84d15a511177495e8197c3e895b1077c3e180da583ea4d8a3202332
+ documentIndex: 2
+ template: dovecot.yaml
+ - it: has a changing config hash for auto-reload
+ set:
+ dovecot:
+ secretName: example-tls
+ domains:
+ example.com:
+ users:
+ - name: test
+ passwordHash: NotReallyAHash
+ asserts:
+ - equal:
+ path: spec.template.metadata.annotations.[checksum/config]
+ value: ac3f477cdba7cd408edee56403b1c480ab9765791edd3fdf9fe5f60cfe0b80e9
+ documentIndex: 2
+ template: dovecot.yaml
diff --git a/charts/mok/tests/postfix_test.yaml b/charts/mok/tests/postfix_test.yaml
index 3e38ee45c..2246fefa8 100644
--- a/charts/mok/tests/postfix_test.yaml
+++ b/charts/mok/tests/postfix_test.yaml
@@ -1,6 +1,7 @@
 suite: Postfix
 templates:
 - postfix.yaml
+ - secret.yaml
 tests:
 - it: should match snapshot
 set:
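Review bot: Both new cases in charts/mok/tests/dovecot_test.yaml pin the annotation to a literal digest, and the added cases in postfix_test.yaml do the same with identical values. The hashed manifest includes the `helm.sh/chart: mok-0.2.0` label seen in the snapshots, so these literals will most likely need recomputing by hand on every version bump, and nothing in the file says where they come from. For the first case a shape check such as `matchRegex` with `pattern: ^[0-9a-f]{64}$` would express the intent without that coupling. For the second, a comment like `# digest of secret.yaml rendered with the values above; regenerate after changing secret.yaml or the chart version` would help the next maintainer.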
@@ -20,10 +21,12 @@ tests:
 - isKind:
 of: Service
 documentIndex: 0
+ template: postfix.yaml
 - equal:
 path: metadata.name
 value: test-suite-mok-postfix
 documentIndex: 0
+ template: postfix.yaml
 - it: has smtp port
 set:
 postfix:
@@ -37,9 +40,36 @@ tests:
 name: smtp
 protocol: TCP
 documentIndex: 0
+ template: postfix.yaml
 - contains:
 path: spec.template.spec.containers[0].ports
 content:
 containerPort: 25
 name: smtp
 documentIndex: 1
+ template: postfix.yaml
+ - it: has config hash for auto-reload
+ set:
+ dovecot:
+ secretName: example-tls
+ asserts:
+ - equal:
+ path: spec.template.metadata.annotations.[checksum/config]
+ value: 1ccde744f84d15a511177495e8197c3e895b1077c3e180da583ea4d8a3202332
+ documentIndex: 1
+ template: postfix.yaml
+ - it: has a changing config hash for auto-reload
+ set:
+ dovecot:
+ secretName: example-tls
+ domains:
+ example.com:
+ users:
+ - name: test
+ passwordHash: NotReallyAHash
+ asserts:
+ - equal:
+ path: spec.template.metadata.annotations.[checksum/config]
+ value: ac3f477cdba7cd408edee56403b1c480ab9765791edd3fdf9fe5f60cfe0b80e9
+ documentIndex: 1
+ template: postfix.yaml
-- GitLab
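Review bot: The two added Postfix cases set `dovecot.secretName` although every assertion targets `template: postfix.yaml`, whereas the neighbouring `has smtp port` case sets values under `postfix:`. The expected digest of the first case equals the one recorded in postfix_test.yaml.snap, which suggests the override does not influence what is asserted and was carried over from dovecot_test.yaml. If the chart renders without it, drop the `dovecot:` and `secretName: example-tls` lines from these cases; if it is needed for rendering, a short comment such as `# required for the chart to render` would make that clear.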