initial commit

Florian Wolpert
2020-09-18 15:36:49 +02:00
parent e9a9b4efdf
commit 25e43ee7e3
10 changed files with 615 additions and 0 deletions


@@ -0,0 +1,20 @@
{{- if .Values.ingress.enabled }}
Application URL:
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.host }}
{{- else if contains "NodePort" .Values.service.type }}
Get the application URL by running these commands:
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mailman3.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
Get the application URL by running these commands:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "mailman3.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mailman3.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mailman3.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=web" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:80
{{- end }}
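Review bot: The NodePort and LoadBalancer branches query a Service named `{{ include "mailman3.fullname" . }}`, but the Services created in this commit are named `…-core` and `…-web`, so the printed `kubectl get` commands find nothing; the test pod's `wget` target has the same mismatch. The name should be `{{ include "mailman3.fullname" . }}-web`, and the LoadBalancer branch should print port 80 rather than `.Values.service.port`, because the web Service hard-codes `port: 80`. The ClusterIP branch forwards `8080:80` to the pod although the web container declares `containerPort: 8000`, and it omits the namespace; I would print `kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:8000`. The non-ingress branches also always print `http://`, which is worth stating in the notes so users know the admin login travels unencrypted on that path.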


@@ -0,0 +1,88 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "mailman3.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "mailman3.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "mailman3.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "mailman3.labels" -}}
helm.sh/chart: {{ include "mailman3.chart" . }}
{{ include "mailman3.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "mailman3.selectorLabels" -}}
app.kubernetes.io/name: {{ include "mailman3.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "mailman3.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "mailman3.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Create the core claimName: existingClaim if provided, otherwise claimNameOverride if provided, otherwise mailman3-core (or other fullname if overriden)
*/}}
{{- define "core.claimName" -}}
{{- if .Values.core.persistence.existingClaim -}}
{{- .Values.core.persistence.existingClaim -}}
{{- else if .Values.core.persistence.claimNameOverride -}}
{{- .Values.core.persistence.claimNameOverride -}}
{{- else -}}
{{ include "mailman3.fullname" . }}-core
{{- end -}}
{{- end -}}
{{/*
Create the web claimName: existingClaim if provided, otherwise claimNameOverride if provided, otherwise mailman3-web (or other fullname if overriden)
*/}}
{{- define "web.claimName" -}}
{{- if .Values.web.persistence.existingClaim -}}
{{- .Values.web.persistence.existingClaim -}}
{{- else if .Values.web.persistence.claimNameOverride -}}
{{- .Values.web.persistence.claimNameOverride -}}
{{- else -}}
{{ include "mailman3.fullname" . }}-web
{{- end -}}
{{- end -}}
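Review bot: The two claim-name helpers are defined as `core.claimName` and `web.claimName`, without the `mailman3.` prefix every other helper in this section carries. Helm template names are global across a chart and its subcharts, so such generic names can be silently overridden by, or override, another chart's definition; I would rename them to `mailman3.core.claimName` and `mailman3.web.claimName` and update the callers. `mailman3.serviceAccountName` is defined here, but neither Deployment shown in this commit sets `serviceAccountName`, so the pods appear to run under the namespace's default service account. Either add `serviceAccountName: {{ include "mailman3.serviceAccountName" . }}` to both pod specs or drop the helper.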


@@ -0,0 +1,159 @@
{{- $clusterDomain := default "cluster.local" .Values.clusterDomain}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "mailman3.fullname" . }}-core
labels:
{{- include "mailman3.labels" . | nindent 4 }}
app.kubernetes.io/component: core
spec:
replicas: 1
selector:
matchLabels:
{{- include "mailman3.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: core
template:
metadata:
{{- with .Values.core.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "mailman3.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: core
spec:
{{- with .Values.core.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.core.podSecurityContext | nindent 8 }}
volumes:
- name: core-data
persistentVolumeClaim:
claimName: {{ include "core.claimName" . }}
containers:
- name: mailman-core
securityContext:
{{- toYaml .Values.core.securityContext | nindent 12 }}
image: "{{ .Values.core.image.repository }}:{{ .Values.core.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.core.image.pullPolicy }}
env:
- name: HYPERKITTY_API_KEY
value: {{ .Values.hyperkittyApiKey }}
- name: HYPERKITTY_URL
value: http://{{ include "mailman3.fullname" . }}-web.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}/hyperkitty
- name: MTA
value: postfix
- name: SMTP_HOST
value: {{ include "mailman3.fullname" . }}-core.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}
- name: DATABASE_CLASS
value: mailman.database.sqlite.SQLiteDatabase
- name: DATABASE_URL
value: "sqlite:////opt/mailman/var/data/mailman.db"
ports:
- name: api
containerPort: 8001
protocol: TCP
- name: lmtp
containerPort: 8024
protocol: TCP
# livenessProbe:
# httpGet:
# path: /3.1/system/versions
# port: api
# httpHeaders:
# - name: Authorization
# value: cmVzdGFkbWluOnJlc3RwYXNz # echo -n "restadmin:restpass" | base64
# readinessProbe:
# httpGet:
# path: /
# port: api
volumeMounts:
- name: core-data
mountPath: /opt/mailman
resources:
{{- toYaml .Values.core.resources | nindent 12 }}
- name: postfix
image: boky/postfix:latest
env:
- name: TZ
value: 'Europe/Berlin'
- name: INBOUND_DEBUGGING
value: '1'
- name: ALLOWED_SENDER_DOMAINS
value: "*" # dummy wegen POSTFIX_smtpd_recipient_restrictions...
# - name: POSTFIX_myhostname
# value: {{ .Values.ingress.host | quote }}
- name: POSTFIX_append_at_myorigin
value: "no"
- name: POSTFIX_append_dot_mydomain
value: "no"
- name: POSTFIX_recipient_delimiter
value: "+"
- name: POSTFIX_unknown_local_recipient_reject_code
value: "550"
- name: POSTFIX_owner_request_special
value: "no"
- name: POSTFIX_always_add_missing_headers
value: "yes"
# - name: POSTFIX_virtual_mailbox_maps
# value: regexp:/mailman/postfix_lmtp
- name: POSTFIX_transport_maps
value: regexp:/mailman/postfix_lmtp
- name: POSTFIX_local_recipient_maps
value: regexp:/mailman/postfix_lmtp
- name: POSTFIX_relay_domains
value: regexp:/mailman/postfix_domains
- name: POSTFIX_smtpd_recipient_restrictions
value: "permit_mynetworks,reject_non_fqdn_recipient,reject_unauth_destination"
# value: "reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_sender_access static:OK, reject_unauth_destination" # ugly... is there better way to avoid relaying denied?
ports:
- name: smtp
containerPort: 25
protocol: TCP
volumeMounts:
- name: core-data
subPath: var/data
mountPath: /mailman
{{- with .Values.core.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.core.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.core.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 0
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "mailman3.fullname" . }}-core
labels:
{{- include "mailman3.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- name: rest
port: 8001
protocol: TCP
- name: lmtp
port: 8024
protocol: TCP
- name: smtp
port: 25
protocol: TCP
selector:
{{- include "mailman3.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: core
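Review bot: The core Service at the end of this section takes `type: {{ .Values.service.type }}`, the same value the web Service reads, so switching to NodePort or LoadBalancer to publish the web UI also publishes the REST API on 8001, LMTP on 8024 and SMTP on 25. The commented-out liveness probe suggests the REST API still uses the `restadmin:restpass` credentials, and the postfix container sets `ALLOWED_SENDER_DOMAINS` to `"*"` with `permit_mynetworks` first in the recipient restrictions, so I would pin this Service to `type: ClusterIP` and publish SMTP through a separate, explicitly enabled Service. `image: boky/postfix:latest` is a mutable tag on a container that has no `securityContext` or `resources`; take the repository and a fixed tag or digest from values as the core image does, and leave `INBOUND_DEBUGGING` off by default.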


@@ -0,0 +1,33 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "mailman3.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "mailman3.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
- hosts:
- {{ .Values.ingress.host }}
secretName: {{ include "mailman3.fullname" . }}-certificate
{{- end }}
rules:
- host: {{ .Values.ingress.host | quote }}
http:
paths:
- path: /
backend:
serviceName: {{ include "mailman3.fullname" . }}-web
servicePort: 80
{{- end }}
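Review bot: The TLS host entry `- {{ .Values.ingress.host }}` is unquoted while the rule host a few lines below is piped through `quote`, so a wildcard host such as `*.example.org` is read as a YAML alias and an unset host renders as null; use `- {{ .Values.ingress.host | quote }}` in both places. `secretName` is fixed to `…-certificate` and nothing in the sections shown creates that Secret, so TLS presumably depends on an annotation-driven issuer or a manually created Secret; a comment saying which, or a `.Values.ingress.tlsSecretName` override, would make that explicit. `$svcPort` is assigned at the top but never used, since `servicePort: 80` is hard-coded.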


@@ -0,0 +1,47 @@
{{- if not .Values.core.persistence.existingClaim }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "core.claimName" . }}
{{- if .Values.core.persistence.annotations }}
annotations:
{{ toYaml .Values.core.persistence.annotations | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.core.persistence.accessMode }}
resources:
requests:
storage: {{ .Values.core.persistence.size }}
{{- if .Values.core.persistence.storageClass }}
{{- if (eq "-" .Values.core.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: {{ .Values.core.persistence.storageClass }}
{{- end }}
{{- end }}
{{- end }}
---
{{- if not .Values.web.persistence.existingClaim }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "web.claimName" . }}
{{- if .Values.web.persistence.annotations }}
annotations:
{{ toYaml .Values.web.persistence.annotations | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.web.persistence.accessMode }}
resources:
requests:
storage: {{ .Values.web.persistence.size }}
{{- if .Values.web.persistence.storageClass }}
{{- if (eq "-" .Values.web.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: {{ .Values.web.persistence.storageClass }}
{{- end }}
{{- end }}
{{- end }}
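Review bot: Neither PersistentVolumeClaim carries the chart labels or a default keep policy, so `helm uninstall` removes both claims; judging by the `DATABASE_URL` values in the Deployments they hold the SQLite databases, and whether the data survives then depends on the storage class's reclaim policy. I would add `labels:` with `{{- include "mailman3.labels" . | nindent 4 }}` and default the annotations to `helm.sh/resource-policy: keep`. `storageClassName: {{ .Values.core.persistence.storageClass }}` and its web counterpart should be piped through `quote`, as should `accessMode` and `size`, so that an unset value fails visibly instead of rendering null.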


@@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "mailman3.fullname" . }}-test-connection"
labels:
{{- include "mailman3.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "mailman3.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never
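Review bot: `image: busybox` has no tag, so the test pod pulls whatever `latest` points to at run time; pin it, for example `image: busybox:<pinned-version>`, so a test run is reproducible and does not pull an unreviewed image into the release namespace. The hook value `test-success` is the Helm 2 spelling; Helm 3 documents `"helm.sh/hook": test`, which is worth confirming against the Helm version this chart targets. The container also has no `securityContext` or `resources`, unlike the main containers, which take theirs from values.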

127
mailman3/templates/web.yaml Normal file

@@ -0,0 +1,127 @@
{{- $clusterDomain := default "cluster.local" .Values.clusterDomain}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "mailman3.fullname" . }}-web
labels:
{{- include "mailman3.labels" . | nindent 4 }}
app.kubernetes.io/component: web
spec:
replicas: 1
selector:
matchLabels:
{{- include "mailman3.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: web
template:
metadata:
{{- with .Values.web.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "mailman3.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: web
spec:
{{- with .Values.web.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.web.podSecurityContext | nindent 8 }}
volumes:
- name: web-data
persistentVolumeClaim:
claimName: {{ include "web.claimName" . }}
containers:
- name: mailman-web
securityContext:
{{- toYaml .Values.web.securityContext | nindent 12 }}
image: "{{ .Values.web.image.repository }}:{{ .Values.web.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.web.image.pullPolicy }}
env:
- name: HYPERKITTY_API_KEY
value: {{ .Values.hyperkittyApiKey }}
- name: SECRET_KEY
value: {{ .Values.djangoSecretKey }}
- name: MAILMAN_REST_URL
value: http://{{ include "mailman3.fullname" . }}-core.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:8001
- name: POSTORIUS_TEMPLATE_BASE_URL
value: http://{{ include "mailman3.fullname" . }}-web.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:80
{{- if .Values.ingress.enabled }}
- name: SERVE_FROM_DOMAIN
value: {{ .Values.ingress.host | quote }}
{{- end }}
- name: DATABASE_URL
value: sqlite://///opt/mailman-web-data/mailmanweb.db
- name: DATABASE_TYPE
value: sqlite
- name: MAILMAN_ADMIN_USER
value: {{ .Values.admin.username }}
- name: MAILMAN_ADMIN_EMAIL
value: {{ .Values.admin.email }}
{{- if .Values.smtp }}
- name: SMTP_HOST
value: {{ .Values.smtp }}
{{- else }}
- name: SMTP_HOST
value: {{ include "mailman3.fullname" . }}-core.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}
{{- end }}
args:
- uwsgi
- --ini
- /opt/mailman-web/uwsgi.ini
- --static-map
- /static=/opt/mailman-web-data/static
ports:
- name: http
containerPort: 8000
protocol: TCP
livenessProbe:
# httpGet:
# path: /
# port: http
# readinessProbe:
# httpGet:
# path: /
# port: http
volumeMounts:
- name: web-data
mountPath: /opt/mailman-web-data
resources:
{{- toYaml .Values.web.resources | nindent 12 }}
{{- with .Values.web.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.web.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.web.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 0
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "mailman3.fullname" . }}-web
labels:
{{- include "mailman3.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- name: http
port: 80
targetPort: 8000
protocol: TCP
selector:
{{- include "mailman3.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: web
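Review bot: `HYPERKITTY_API_KEY` and `SECRET_KEY` are rendered from values as literal, unquoted `value:` entries, so both secrets end up in the Deployment manifest and the Helm release record, readable by anyone who can read Deployments, and a key containing ` #` or starting with `*`, `&` or `!` is truncated or fails to parse. The core Deployment renders `HYPERKITTY_API_KEY` the same way. I would add a Secret template and reference it with `secretKeyRef` as sketched below (the Secret and key names are placeholders), and pipe the remaining values (`admin.username`, `admin.email`, `smtp`) through `quote`. The `livenessProbe:` key is also left with an entirely commented-out body, which renders as null; comment the key out as well or restore the probe.

```yaml
# … unchanged: container name, securityContext, image, imagePullPolicy …
env:
  - name: HYPERKITTY_API_KEY
    valueFrom:
      secretKeyRef:
        # placeholder Secret name; needs a matching Secret template in the chart
        name: {{ include "mailman3.fullname" . }}-secrets
        key: hyperkitty-api-key
  - name: SECRET_KEY
    valueFrom:
      secretKeyRef:
        name: {{ include "mailman3.fullname" . }}-secrets
        key: django-secret-key
# … unchanged: remaining env entries, args, ports, volumeMounts …
```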