diff --git a/.github/workflows/on-push-lint-charts.yml b/.github/workflows/on-push-lint-charts.yml index 52a28087..71dd7225 100644 --- a/.github/workflows/on-push-lint-charts.yml +++ b/.github/workflows/on-push-lint-charts.yml @@ -15,7 +15,7 @@ env: KUBE_SCORE_VERSION: 1.17.0 HELM_VERSION: v3.13.2 -concurrency: +concurrency: group: ${{ github.ref }} cancel-in-progress: true @@ -44,12 +44,27 @@ jobs: KUBE_SCORE: /tmp/bin/kube-score run: .ci/scripts/kube-score.sh + unittest: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: install helm unittest + run: | + helm plugin install https://github.com/helm-unittest/helm-unittest.git + + - name: Run helm unittest + run: helm unittest charts/* + chart-testing: runs-on: ubuntu-latest strategy: matrix: # Choose from https://hub.docker.com/r/kindest/node/tags - KubeVersion: [1.27.3, 1.28.0, 1.29.0] + KubeVersion: [ 1.27.3, 1.28.0, 1.29.0 ] steps: - name: Checkout diff --git a/charts/docker-mailserver/Chart.yaml b/charts/docker-mailserver/Chart.yaml index 541f8ef9..17f6135b 100644 --- a/charts/docker-mailserver/Chart.yaml +++ b/charts/docker-mailserver/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "14.0.0" description: A fullstack but simple mailserver (smtp, imap, antispam, antivirus, ssl...) using Docker. name: docker-mailserver -version: 4.0.6 +version: 4.0.7 sources: - https://github.com/docker-mailserver/docker-mailserver-helm maintainers: diff --git a/charts/docker-mailserver/templates/deployment.yaml b/charts/docker-mailserver/templates/deployment.yaml index d8336f24..3324ceb8 100644 --- a/charts/docker-mailserver/templates/deployment.yaml +++ b/charts/docker-mailserver/templates/deployment.yaml @@ -263,7 +263,6 @@ spec: {{- if $persistence.enabled }} - name: {{ $name }} mountPath: {{ $persistence.mountPath }} - readonly: true {{- end }} {{- end }} {{- end }} diff --git a/charts/docker-mailserver/tests/__snapshot__/configmap_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/configmap_test.yaml.snap new file mode 100644 index 00000000..f897c04b --- /dev/null +++ b/charts/docker-mailserver/tests/__snapshot__/configmap_test.yaml.snap @@ -0,0 +1,37 @@ +manifest should match snapshot: + 1: | + apiVersion: v1 + data: + dovecot.cf: "\nhaproxy_trusted_networks = 10.0.0.0/8 192.168.0.0/16 172.16.0.0/16\nservice imap-login {\n inet_listener imap {\n port = 143\n }\n \n inet_listener imaps {\n port = 993\n ssl = yes\n }\n \n inet_listener imap_proxy {\n haproxy = yes\n port = 10143\n ssl = no\n }\n\n inet_listener imaps_proxy {\n haproxy = yes\n port = 10993\n ssl = yes\n }\n}\n" + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + chart: docker-mailserver-0.1.0 + heritage: Helm + release: RELEASE-NAME + name: dovecot-cf + 2: | + apiVersion: v1 + data: + fts-xapian-plugin.conf: "" + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + chart: docker-mailserver-0.1.0 + heritage: Helm + release: RELEASE-NAME + name: fts-xapian-plugin-conf + 3: | + apiVersion: v1 + data: + user-patches.sh: "#!/bin/bash\n# Make sure to keep this file in sync with https://github.com/docker-mailserver/docker-mailserver/blob/master/target/postfix/master.cf!\ncat <> /etc/postfix/master.cf\n\n# Submission with proxy\n10587 inet n - n - - smtpd\n -o syslog_name=postfix/submission\n -o smtpd_tls_security_level=encrypt\n -o smtpd_sasl_auth_enable=yes\n -o smtpd_sasl_type=dovecot\n -o smtpd_reject_unlisted_recipient=no\n -o smtpd_sasl_authenticated_header=yes\n -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\n -o smtpd_sender_restrictions=\\$mua_sender_restrictions\n -o smtpd_discard_ehlo_keywords=\n -o milter_macro_daemon_name=ORIGINATING\n -o cleanup_service_name=sender-cleanup\n -o smtpd_upstream_proxy_protocol=haproxy \n\n# Submissions with proxy\n10465 inet n - n - - smtpd\n -o syslog_name=postfix/submissions\n -o smtpd_tls_wrappermode=yes\n -o smtpd_sasl_auth_enable=yes\n -o smtpd_sasl_type=dovecot\n -o smtpd_reject_unlisted_recipient=no\n -o smtpd_sasl_authenticated_header=yes\n -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\n -o smtpd_sender_restrictions=\\$mua_sender_restrictions\n -o smtpd_discard_ehlo_keywords=\n -o milter_macro_daemon_name=ORIGINATING\n -o cleanup_service_name=sender-cleanup\n -o smtpd_upstream_proxy_protocol=haproxy\n\n# Smtp with proxy\n12525 inet n - n - 1 postscreen\n -o syslog_name=postfix/smtp-proxy\n -o postscreen_upstream_proxy_protocol=haproxy\n -o postscreen_cache_map=btree:$data_directory/postscreen_10025_cache\nEOS\n" + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + chart: docker-mailserver-0.1.0 + heritage: Helm + release: RELEASE-NAME + name: user-patches-sh diff --git a/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap new file mode 100644 index 00000000..fe51cd23 --- /dev/null +++ b/charts/docker-mailserver/tests/__snapshot__/deployment_test.yaml.snap @@ -0,0 +1,237 @@ +manifest should match snapshot: + 1: | + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + chart: docker-mailserver-0.1.0 + heritage: Helm + release: RELEASE-NAME + name: RELEASE-NAME-docker-mailserver + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + release: RELEASE-NAME + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + release: RELEASE-NAME + spec: + containers: + - env: + - name: AMAVIS_LOGLEVEL + value: "0" + - name: DOVECOT_INET_PROTOCOLS + value: all + - name: DOVECOT_MAILBOX_FORMAT + value: maildir + - name: ENABLE_AMAVIS + value: "0" + - name: ENABLE_CLAMAV + value: "0" + - name: ENABLE_DNSBL + value: "0" + - name: ENABLE_FAIL2BAN + value: "0" + - name: ENABLE_FETCHMAIL + value: "0" + - name: ENABLE_GETMAIL + value: "0" + - name: ENABLE_IMAP + value: "1" + - name: ENABLE_OPENDKIM + value: "0" + - name: ENABLE_OPENDMARC + value: "0" + - name: ENABLE_POLICYD_SPF + value: "0" + - name: ENABLE_POSTGREY + value: "0" + - name: ENABLE_QUOTAS + value: "1" + - name: ENABLE_RSPAMD + value: "1" + - name: ENABLE_RSPAMD_REDIS + value: "1" + - name: ENABLE_SASLAUTHD + value: "0" + - name: ENABLE_SPAMASSASSIN + value: "0" + - name: ENABLE_SPAMASSASSIN_KAM + value: "0" + - name: ENABLE_SRS + value: "0" + - name: ENABLE_UPDATE_CHECK + value: "1" + - name: FAIL2BAN_BLOCKTYPE + value: drop + - name: FETCHMAIL_PARALLEL + value: "0" + - name: FETCHMAIL_POLL + value: "300" + - name: GETMAIL_POLL + value: "5" + - name: LOGROTATE_COUNT + value: "4" + - name: LOGROTATE_INTERVAL + value: weekly + - name: LOG_LEVEL + value: info + - name: MARK_SPAM_AS_READ + value: "0" + - name: MOVE_SPAM_TO_JUNK + value: "1" + - name: OVERRIDE_HOSTNAME + value: mail.example.com + - name: PERMIT_DOCKER + value: none + - name: POSTFIX_INET_PROTOCOLS + value: all + - name: POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME + value: "0" + - name: POSTGREY_AUTO_WHITELIST_CLIENTS + value: "5" + - name: POSTGREY_DELAY + value: "300" + - name: POSTGREY_MAX_AGE + value: "35" + - name: POSTGREY_TEXT + value: Delayed by Postgrey + - name: POSTSCREEN_ACTION + value: enforce + - name: RELAY_PORT + value: "25" + - name: RSPAMD_CHECK_AUTHENTICATED + value: "0" + - name: RSPAMD_GREYLISTING + value: "0" + - name: RSPAMD_HFILTER + value: "1" + - name: RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE + value: "6" + - name: RSPAMD_LEARN + value: "0" + - name: RSPAMD_NEURAL + value: "0" + - name: SA_KILL + value: "10" + - name: SA_TAG + value: "2" + - name: SA_TAG2 + value: "6.31" + - name: SPAMASSASSIN_SPAM_TO_INBOX + value: "1" + - name: SPAM_SUBJECT + value: '***SPAM*** ' + - name: SRS_SENDER_CLASSES + value: envelope_sender + - name: UPDATE_CHECK_INTERVAL + value: 1d + image: mailserver/docker-mailserver:0.1.0 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/bash + - -c + - supervisorctl status | grep -E "amavis|clamav|cron|dovecot|mailserver|opendkim|opendmarc|postfix|rsyslog" | grep RUNNING + failureThreshold: 3 + initialDelaySeconds: 10 + timeoutSeconds: 5 + name: docker-mailserver + ports: + - containerPort: 25 + name: smtp + - containerPort: 465 + name: submissions + - containerPort: 587 + name: submission + - containerPort: 12525 + name: smtp-proxy + - containerPort: 10465 + name: subs-proxy + - containerPort: 10587 + name: sub-proxy + - containerPort: 143 + name: imap + - containerPort: 993 + name: imaps + - containerPort: 10143 + name: imap-proxy + - containerPort: 10993 + name: imaps-proxy + - containerPort: 11334 + name: rspamd + readinessProbe: + exec: + command: + - /bin/bash + - -c + - supervisorctl status | grep -E "mailserver|postfix" | grep RUNNING + failureThreshold: 3 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + ephemeral-storage: 500Mi + memory: 2048Mi + requests: + cpu: "1" + ephemeral-storage: 100Mi + memory: 1536Mi + securityContext: + privileged: false + readOnlyRootFilesystem: false + volumeMounts: + - mountPath: /tmp/docker-mailserver/dovecot.cf + name: dovecot-cf + subPath: dovecot.cf + - mountPath: /etc/dovecot/conf.d/10-plugin.conf + name: fts-xapian-plugin-conf + subPath: fts-xapian-plugin.conf + - mountPath: /tmp/docker-mailserver/user-patches.sh + name: user-patches-sh + subPath: user-patches.sh + - mountPath: /tmp/docker-mailserver + name: mail-config + - mountPath: /var/mail + name: mail-data + - mountPath: /var/log/mail + name: mail-log + - mountPath: /var/mail-state + name: mail-state + nodeSelector: {} + priorityClassName: null + restartPolicy: Always + runtimeClassName: null + securityContext: null + serviceAccountName: RELEASE-NAME-docker-mailserver + volumes: + - configMap: + name: dovecot-cf + name: dovecot-cf + - configMap: + name: fts-xapian-plugin-conf + name: fts-xapian-plugin-conf + - configMap: + name: user-patches-sh + name: user-patches-sh + - name: mail-config + persistentVolumeClaim: + claimName: RELEASE-NAME-docker-mailserver-mail-config + - name: mail-data + persistentVolumeClaim: + claimName: RELEASE-NAME-docker-mailserver-mail-data + - name: mail-log + persistentVolumeClaim: + claimName: RELEASE-NAME-docker-mailserver-mail-log + - name: mail-state + persistentVolumeClaim: + claimName: RELEASE-NAME-docker-mailserver-mail-state diff --git a/charts/docker-mailserver/tests/__snapshot__/pvc_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/pvc_test.yaml.snap new file mode 100644 index 00000000..7b5f41e6 --- /dev/null +++ b/charts/docker-mailserver/tests/__snapshot__/pvc_test.yaml.snap @@ -0,0 +1,92 @@ +manifest should match snapshot: + 1: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: RELEASE-NAME-docker-mailserver-mail-config + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Mi + 2: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: RELEASE-NAME-docker-mailserver-mail-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + 3: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: RELEASE-NAME-docker-mailserver-mail-log + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + 4: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: RELEASE-NAME-docker-mailserver-mail-state + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +should apply annotations from persistence.annotations: + 1: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + backup.banana.io/deltas: pancakes + name: RELEASE-NAME-docker-mailserver-mail-config + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Mi + 2: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: RELEASE-NAME-docker-mailserver-mail-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + 3: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: RELEASE-NAME-docker-mailserver-mail-log + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + 4: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: RELEASE-NAME-docker-mailserver-mail-state + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap new file mode 100644 index 00000000..362acbb5 --- /dev/null +++ b/charts/docker-mailserver/tests/__snapshot__/secret_test.yaml.snap @@ -0,0 +1,256 @@ +manifest should match snapshot: + 1: | + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + chart: docker-mailserver-1.0.0 + heritage: Helm + release: RELEASE-NAME + name: RELEASE-NAME-docker-mailserver + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + release: RELEASE-NAME + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + release: RELEASE-NAME + spec: + containers: + - env: + - name: AMAVIS_LOGLEVEL + value: "0" + - name: DOVECOT_INET_PROTOCOLS + value: all + - name: DOVECOT_MAILBOX_FORMAT + value: maildir + - name: ENABLE_AMAVIS + value: "0" + - name: ENABLE_CLAMAV + value: "0" + - name: ENABLE_DNSBL + value: "0" + - name: ENABLE_FAIL2BAN + value: "0" + - name: ENABLE_FETCHMAIL + value: "0" + - name: ENABLE_GETMAIL + value: "0" + - name: ENABLE_IMAP + value: "1" + - name: ENABLE_OPENDKIM + value: "0" + - name: ENABLE_OPENDMARC + value: "0" + - name: ENABLE_POLICYD_SPF + value: "0" + - name: ENABLE_POSTGREY + value: "0" + - name: ENABLE_QUOTAS + value: "1" + - name: ENABLE_RSPAMD + value: "1" + - name: ENABLE_RSPAMD_REDIS + value: "1" + - name: ENABLE_SASLAUTHD + value: "0" + - name: ENABLE_SPAMASSASSIN + value: "0" + - name: ENABLE_SPAMASSASSIN_KAM + value: "0" + - name: ENABLE_SRS + value: "0" + - name: ENABLE_UPDATE_CHECK + value: "1" + - name: FAIL2BAN_BLOCKTYPE + value: drop + - name: FETCHMAIL_PARALLEL + value: "0" + - name: FETCHMAIL_POLL + value: "300" + - name: GETMAIL_POLL + value: "5" + - name: LOGROTATE_COUNT + value: "4" + - name: LOGROTATE_INTERVAL + value: weekly + - name: LOG_LEVEL + value: info + - name: MARK_SPAM_AS_READ + value: "0" + - name: MOVE_SPAM_TO_JUNK + value: "1" + - name: OVERRIDE_HOSTNAME + value: mail.example.com + - name: PERMIT_DOCKER + value: none + - name: POSTFIX_INET_PROTOCOLS + value: all + - name: POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME + value: "0" + - name: POSTGREY_AUTO_WHITELIST_CLIENTS + value: "5" + - name: POSTGREY_DELAY + value: "300" + - name: POSTGREY_MAX_AGE + value: "35" + - name: POSTGREY_TEXT + value: Delayed by Postgrey + - name: POSTSCREEN_ACTION + value: enforce + - name: RELAY_PORT + value: "25" + - name: RSPAMD_CHECK_AUTHENTICATED + value: "0" + - name: RSPAMD_GREYLISTING + value: "0" + - name: RSPAMD_HFILTER + value: "1" + - name: RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE + value: "6" + - name: RSPAMD_LEARN + value: "0" + - name: RSPAMD_NEURAL + value: "0" + - name: SA_KILL + value: "10" + - name: SA_TAG + value: "2" + - name: SA_TAG2 + value: "6.31" + - name: SPAMASSASSIN_SPAM_TO_INBOX + value: "1" + - name: SPAM_SUBJECT + value: '***SPAM*** ' + - name: SRS_SENDER_CLASSES + value: envelope_sender + - name: UPDATE_CHECK_INTERVAL + value: 1d + image: mailserver/docker-mailserver:0.1.0 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/bash + - -c + - supervisorctl status | grep -E "amavis|clamav|cron|dovecot|mailserver|opendkim|opendmarc|postfix|rsyslog" | grep RUNNING + failureThreshold: 3 + initialDelaySeconds: 10 + timeoutSeconds: 5 + name: docker-mailserver + ports: + - containerPort: 25 + name: smtp + - containerPort: 465 + name: submissions + - containerPort: 587 + name: submission + - containerPort: 12525 + name: smtp-proxy + - containerPort: 10465 + name: subs-proxy + - containerPort: 10587 + name: sub-proxy + - containerPort: 143 + name: imap + - containerPort: 993 + name: imaps + - containerPort: 10143 + name: imap-proxy + - containerPort: 10993 + name: imaps-proxy + - containerPort: 11334 + name: rspamd + readinessProbe: + exec: + command: + - /bin/bash + - -c + - supervisorctl status | grep -E "mailserver|postfix" | grep RUNNING + failureThreshold: 3 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + ephemeral-storage: 500Mi + memory: 2048Mi + requests: + cpu: "1" + ephemeral-storage: 100Mi + memory: 1536Mi + securityContext: + privileged: false + readOnlyRootFilesystem: false + volumeMounts: + - mountPath: /tmp/docker-mailserver/dovecot.cf + name: dovecot-cf + subPath: dovecot.cf + - mountPath: /etc/dovecot/conf.d/10-plugin.conf + name: fts-xapian-plugin-conf + subPath: fts-xapian-plugin.conf + - mountPath: /tmp/docker-mailserver/user-patches.sh + name: user-patches-sh + subPath: user-patches.sh + - mountPath: /tmp/docker-mailserver/secret.yaml + name: mailserver-secret-yaml + subPath: mailserver-secret.yaml + - mountPath: /tmp/docker-mailserver + name: mail-config + - mountPath: /var/mail + name: mail-data + - mountPath: /var/log/mail + name: mail-log + - mountPath: /var/mail-state + name: mail-state + nodeSelector: {} + priorityClassName: null + restartPolicy: Always + runtimeClassName: null + securityContext: null + serviceAccountName: RELEASE-NAME-docker-mailserver + volumes: + - configMap: + name: dovecot-cf + name: dovecot-cf + - configMap: + name: fts-xapian-plugin-conf + name: fts-xapian-plugin-conf + - configMap: + name: user-patches-sh + name: user-patches-sh + - name: mailserver-secret-yaml + secret: + secretName: mailserver-secret-yaml + - name: mail-config + persistentVolumeClaim: + claimName: RELEASE-NAME-docker-mailserver-mail-config + - name: mail-data + persistentVolumeClaim: + claimName: RELEASE-NAME-docker-mailserver-mail-data + - name: mail-log + persistentVolumeClaim: + claimName: RELEASE-NAME-docker-mailserver-mail-log + - name: mail-state + persistentVolumeClaim: + claimName: RELEASE-NAME-docker-mailserver-mail-state + 2: | + apiVersion: v1 + data: + mailserver-secret.yaml: | + bWFpbHNlcnZlci11c2VybmFtZTogdGVzdAogICAgICAgICAgICBtYWlsc2VydmVyLXBhc3N3b3JkOiB0ZXN0 + kind: Secret + metadata: + labels: + app.kubernetes.io/name: RELEASE-NAME-docker-mailserver + chart: docker-mailserver-1.0.0 + heritage: Helm + release: RELEASE-NAME + name: mailserver-secret-yaml diff --git a/charts/docker-mailserver/tests/configmap_test.yaml b/charts/docker-mailserver/tests/configmap_test.yaml index 8c2f6484..d1c04aa6 100644 --- a/charts/docker-mailserver/tests/configmap_test.yaml +++ b/charts/docker-mailserver/tests/configmap_test.yaml @@ -1,25 +1,26 @@ suite: configmap templates: - configmap.yaml +chart: + version: 0.1.0 + appVersion: 0.1.0 +values: + - ../values.yaml tests: - - - it: should correctly import configmaps from config/ if demo mode is disabled - set: - demoMode.enabled: false - asserts: - - matchRegex: - path: data.fail2ban-fail2ban\.cf - pattern: "dbpurgeage" - - - it: should configure imaps port 10993 if proxyProtocol enabled set: - proxyProtocol.enabled: true + proxyProtocol.enabled: true + documentIndex: 0 asserts: + - isKind: + of: ConfigMap - matchRegex: - path: data.dovecot\.cf - pattern: 10993 + path: data["dovecot.cf"] + pattern: "10993" - it: manifest should match snapshot + set: + proxyProtocol: + enabled: true asserts: - - matchSnapshot: {} \ No newline at end of file + - matchSnapshot: { } \ No newline at end of file diff --git a/charts/docker-mailserver/tests/deployment_test.yaml b/charts/docker-mailserver/tests/deployment_test.yaml index 5a9718e7..0899fbfc 100644 --- a/charts/docker-mailserver/tests/deployment_test.yaml +++ b/charts/docker-mailserver/tests/deployment_test.yaml @@ -1,6 +1,11 @@ suite: deployment tests templates: - deployment.yaml +chart: + version: 0.1.0 + appVersion: 0.1.0 +values: + - ../values.yaml tests: - it: image and tag should end up in deployment set: @@ -18,4 +23,4 @@ tests: - it: manifest should match snapshot asserts: - - matchSnapshot: {} \ No newline at end of file + - matchSnapshot: { } \ No newline at end of file diff --git a/charts/docker-mailserver/tests/haproxy_test.yaml b/charts/docker-mailserver/tests/haproxy_test.yaml deleted file mode 100644 index 513dc66e..00000000 --- a/charts/docker-mailserver/tests/haproxy_test.yaml +++ /dev/null @@ -1,18 +0,0 @@ -suite: haproxy -templates: - - configmap.yaml -tests: - - - it: should not add proxyProtocol options to postfix/dovecot if proxyProtocol support is not enabled - set: - proxyProtocol.enabled: false - asserts: - - notMatchRegex: - path: data.postfix-main\.cf - pattern: haproxy - - isNull: - path: data.dovecot\.cf - - - it: manifest should match snapshot - asserts: - - matchSnapshot: {} \ No newline at end of file diff --git a/charts/docker-mailserver/tests/oobe_test.yaml b/charts/docker-mailserver/tests/oobe_test.yaml deleted file mode 100644 index 48d8d130..00000000 --- a/charts/docker-mailserver/tests/oobe_test.yaml +++ /dev/null @@ -1,58 +0,0 @@ -suite: oobe -templates: - - configmap.yaml - - secret.yaml - - deployment.yaml -tests: - - # Demo mode is on OOB, so test it functions as expected - - it: should correctly configure configmaps if demo mode is enabled - asserts: - - matchRegex: - path: data.postfix-accounts\.cf - pattern: user@example.com|{SHA512-CRYPT}$6$l4023rZnQEy/l0Rg$JeNjAAICB43VAX7GTJ9jeE7DR0LeyR5nU.ftq3c42T5E1IZSuRBqwM8erRh6t0CyIT6aYpBIAopzcQHNUvMV00 - - matchRegex: - path: data.SigningTable - pattern: \*\@example.com mail._domainkey.example.com - - matchRegex: - path: data.KeyTable - pattern: mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private - - matchRegex: - path: data.TrustedHosts - pattern: 127.0.0.1 - - - it: should correctly configure secrets if demo mode is enabled - asserts: - - matchRegex: - path: data.example\.com-mail\.private - pattern: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS - template: secret.yaml - - # SPF tests shoudl be performed under normal circumstances - - it: should perform SPF tests under normal conditions - asserts: - - notMatchRegex: - path: data.postfix-main\.cf - pattern: smtpd_recipient_restrictions - - # proxyProtocol is enabled by default - - it: should correctly configure postfix/dovecot if proxyProtocol support is enabled - set: - asserts: - - matchRegex: - path: data.postfix-main\.cf - pattern: haproxy - - matchRegex: - path: data.dovecot\.cf - pattern: haproxy - - - it: should configure imaps port 10993 if proxyProtocol is enabled - set: - asserts: - - matchRegex: - path: data.dovecot\.cf - pattern: 10993 - - - it: manifest should match snapshot - asserts: - - matchSnapshot: {} \ No newline at end of file diff --git a/charts/docker-mailserver/tests/pvc_test.yaml b/charts/docker-mailserver/tests/pvc_test.yaml index 69ce404f..f02d70d9 100644 --- a/charts/docker-mailserver/tests/pvc_test.yaml +++ b/charts/docker-mailserver/tests/pvc_test.yaml @@ -1,20 +1,27 @@ - suite: pvc creation templates: - pvc.yaml +values: + - ../values.yaml +chart: + version: 0.1.0 + appVersion: 0.1.0 tests: - - it: should apply annotations from persistence.annotations set: - persistence.annotations.backup\.banana\.io/deltas: pancakes + persistence: + mail-config: + annotations: + backup.banana.io/deltas: pancakes asserts: - - equal: - path: metadata.annotations.backup\.banana\.io/deltas - value: pancakes + - matchSnapshot: { } - it: should create pvc of specified size set: - persistence.size: 1Pb + persistence: + mail-data: + size: 1Pb + documentIndex: 1 asserts: - equal: path: spec.resources.requests.storage @@ -22,4 +29,4 @@ tests: - it: manifest should match snapshot asserts: - - matchSnapshot: {} \ No newline at end of file + - matchSnapshot: { } \ No newline at end of file diff --git a/charts/docker-mailserver/tests/secret_test.yaml b/charts/docker-mailserver/tests/secret_test.yaml index 7b405f52..cdbc8e40 100644 --- a/charts/docker-mailserver/tests/secret_test.yaml +++ b/charts/docker-mailserver/tests/secret_test.yaml @@ -1,22 +1,20 @@ suite: secret templates: - secret.yaml + - deployment.yaml +chart: + version: 1.0.0 + appVersion: 0.1.0 +values: + - ../values.yaml tests: - - - it: should correctly import opendkim keys from config/opendkim/keys if demo mode is disabled - set: - demoMode.enabled: false - domains: - - example.com - asserts: - - matchRegex: - path: data.example\.com-mail\.private - pattern: "LS0tLS1CRUdJTiBSU0EgUF" - - it: manifest should match snapshot set: - demoMode.enabled: false - domains: - - example.com + secrets: + mailserver-secret.yaml: + name: mailserver-secret.yaml + create: true + path: secret.yaml + data: bWFpbHNlcnZlci11c2VybmFtZTogdGVzdAogICAgICAgICAgICBtYWlsc2VydmVyLXBhc3N3b3JkOiB0ZXN0 asserts: - - matchSnapshot: {} \ No newline at end of file + - matchSnapshot: { } diff --git a/charts/docker-mailserver/tests/spf_test.yaml b/charts/docker-mailserver/tests/spf_test.yaml deleted file mode 100644 index ae9019e0..00000000 --- a/charts/docker-mailserver/tests/spf_test.yaml +++ /dev/null @@ -1,15 +0,0 @@ -suite: disable_spf_tests -templates: - - configmap.yaml -tests: - - it: should disable SPF tests when requested - set: - disable_spf_tests: true - asserts: - - notMatchRegex: - path: data.postfix-main\.cf - pattern: private/policyd-spf - - - it: manifest should match snapshot - asserts: - - matchSnapshot: {} \ No newline at end of file diff --git a/charts/docker-mailserver/values.yaml b/charts/docker-mailserver/values.yaml index 9afb63f9..9f82e2f9 100644 --- a/charts/docker-mailserver/values.yaml +++ b/charts/docker-mailserver/values.yaml @@ -76,8 +76,8 @@ deployment: # --- General Section --------------------------- # ----------------------------------------------- LOG_LEVEL: info - SUPERVISOR_LOGLEVEL: - DMS_VMAIL_UID: + SUPERVISOR_LOGLEVEL: + DMS_VMAIL_UID: DMS_VMAIL_GID: ACCOUNT_PROVISIONER: POSTMASTER_ADDRESS: @@ -311,7 +311,7 @@ service: ## Default: Automatically assign a random, ephemeral IP # publicIp: ## If there should be firewall rules restricting the load balancer to a limited set of IPs, specify those IPs below - ## in CIDR format. If all IPs shoud be allowed access, set the CIDR as "0.0.0.0/0" + ## in CIDR format. If all IPs should be allowed access, set the CIDR as "0.0.0.0/0" allowedIps: - "0.0.0.0/0" ## If there is a Hostname associated with this site, add it here and it will be rendered in the documentation. @@ -319,7 +319,7 @@ service: annotations: {} labels: {} -# Note this is a dictionary and not a list so invidual keys can be overriden by --set or --value helm parameters +# Note this is a dictionary and not a list so individual keys can be overridden by --set or --value helm parameters persistence: # Stores generated configuration files # https://docker-mailserver.github.io/docker-mailserver/edge/faq/#what-about-the-docker-datadmsconfig-directory @@ -380,7 +380,7 @@ persistence: ## See https://github.com/prometheus/docs/blob/master/content/docs/operating/configuration.md ## See https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml monitoring: - ## Whether to scrape this service with the montoring toolkit. Mostly useful for blackbox probing of a given service + ## Whether to scrape this service with the monitoring toolkit. Mostly useful for blackbox probing of a given service ## to ensure it's "up" service: ## monitoring should be configured to only scrape services that have a value of "true" @@ -393,7 +393,7 @@ monitoring: port: "9102" ## Whether to scape the pods associated with this application. Useful for collecting metrics. pod: - ## monitoring shoudl be configured to only scrape pods that have a value of `true` + ## monitoring should be configured to only scrape pods that have a value of `true` scrape: "true" ## monitoring should be configured to only probe services that have a value of "true" probe: "false" @@ -455,7 +455,7 @@ metrics: ## are stored in its chart/config directory. ## ## However, Helm does not provide a way too save external files to a ConfigMap or Secret. -## This is problem for docker-mailserver because you need to setup postfix acounts, +## This is problem for docker-mailserver because you need to setup postfix accounts, ## dovecot accounts, etc. ## ## The configs and secrets keys solve this problem. They allow you to add additional config