fix(services): Specify dovecot with fqdn

2025-12-08 00:11:38 +01:00 · 2023-07-28 12:04:43 +02:00
parent 8ce01df681
commit 59d64de44e
4 changed files with 22 additions and 9 deletions
--- a/helmfile/apps/services/helmfile.yaml
+++ b/helmfile/apps/services/helmfile.yaml
@@ -47,7 +47,7 @@ releases:
    condition: "mariadb.enabled"
  - name: "postfix"
    chart: "postfix/postfix"
-    version: "1.6.2"
+    version: "1.8.0"
    values:
      - "values-postfix.yaml"
      - "values-postfix.gotmpl"
--- a/helmfile/apps/services/values-postfix.gotmpl
+++ b/helmfile/apps/services/values-postfix.gotmpl
@@ -12,6 +12,9 @@ imagePullSecrets:
  - name: {{ . }}
 {{- end }}

+certificate:
+  secretName: "{{ .Values.ingress.tls.secretName }}"
+
 postfix:
  domain: "{{ .Values.global.domain }}"
  virtualMailboxDomains: "{{ .Values.global.domain }}"
@@ -20,6 +23,10 @@ postfix:
      content:
        - "{{ .Values.smtp.host }} {{ .Values.smtp.username }}:{{ .Values.smtp.password }}"
  relayHost: "[{{ .Values.smtp.host }}]:587"
+  relayNets: {{ .Values.global.internalNetwork | quote }}
+  virtualTransport: "lmtps:dovecot.{{ .Release.Namespace }}.{{ .Values.global.internalDomain }}:24"
+  smtpdSASLPath: "inet:dovecot:3659"
+  smtpdMilters: "inet:clamav-milter:7357"

 persistence:
  size: "{{ .Values.persistence.size.postfix }}"
@@ -29,8 +36,4 @@ replicaCount: {{ .Values.replicas.postfix }}

 resources:
  {{ .Values.resources.postfix | toYaml | nindent 2 }}
-
-ingress:
-  tls:
-    secretName: "{{ .Values.ingress.tls.secretName }}"
 ...
--- a/helmfile/apps/services/values-postfix.yaml
+++ b/helmfile/apps/services/values-postfix.yaml
@@ -1,11 +1,11 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
+certificate:
+  request:
+    enabled: false
+
 postfix:
-  relayNets: "10.0.0.0/8"
-  virtualTransport: "lmtps:dovecot:24"
-  smtpdSASLPath: "inet:dovecot:3659"
-  smtpdMilters: "inet:clamav-milter:7357"
  hostname: "postfix"
  inetProtocols: "ipv4"
  smtpSASLAuthEnable: "yes"
--- a/helmfile/environments/default/global.gotmpl
+++ b/helmfile/environments/default/global.gotmpl
@@ -45,4 +45,14 @@ global:
  #
  imagePullSecrets:
    - "external-registry"
+
+  ## Define internal kubernetes domain, usually svc.cluster.local
+  ## Workaround for calico with postfix
+  #
+  internalDomain: "svc.cluster.local"
+
+  ## Define internal kubernetes network for postfix
+  ## Attention: Mail from this network can be sent without authentication!
+  #
+  internalNetwork: "10.0.0.0/8"
 ...