smtp-relay/build.sh
xavor 9e21e1e669 feat(smtp-relay): initial custom postfix+sasl relay image
Postfix relay image with Cyrus SASL (sasldb2) authentication.
Replaces mwader/postfix-relay with a controlled image built via Kaniko and
stored in Harbor. Credentials injected from Vault ExternalSecret at startup.
2026-05-20 20:25:04 +00:00


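#!/usr/bin/env bash
# build.sh [tag]
#
# Packages the smtp-relay build context, uploads it to MinIO, launches a
# Kaniko Job in the "kaniko" namespace and waits for the build to finish.
#
# Requires:  tar, mktemp, mc (with a configured "minio" alias), kubectl.
# Arguments: $1 - image tag (default: latest).
# Exit:      0 when the Job completes, non-zero on any failure or timeout.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

TAG="${1:-latest}"
# TAG is expanded verbatim into the Job manifest below, so a value containing
# quotes or newlines could inject arbitrary YAML into what kubectl applies.
# Accept only the registry tag grammar.
[[ "$TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]] \
  || die "invalid image tag: ${TAG}"

readonly HARBOR="harbor.manabo.org"
readonly IMAGE="${HARBOR}/library/smtp-relay:${TAG}"
readonly BUCKET="kaniko-builds"
# NOTE(review): the object key is fixed, so two concurrent builds overwrite
# each other's context and a Job may build a context it was not launched for.
# Consider a per-job key once bucket clean-up is in place.
readonly CONTEXT_KEY="smtp-relay/context.tar.gz"

# A fixed name under /tmp can be pre-created or symlinked by another local
# user; mktemp gives an unpredictable, owner-only file instead.
CONTEXT_TARBALL="$(mktemp "${TMPDIR:-/tmp}/kaniko-context.XXXXXX")" \
  || die "mktemp failed"
readonly CONTEXT_TARBALL
cleanup() {
  rm -f -- "$CONTEXT_TARBALL"
}
trap cleanup EXIT

echo "==> Building ${IMAGE}"
echo "==> Packaging context ..."
tar -czf "$CONTEXT_TARBALL" \
  --exclude='.git' \
  --exclude='build.sh' \
  --exclude='k8s' \
  -C "$(dirname -- "$0")" .

echo "==> Uploading to MinIO (${BUCKET}/${CONTEXT_KEY}) ..."
mc cp "$CONTEXT_TARBALL" "minio/${BUCKET}/${CONTEXT_KEY}"

JOB_NAME="kaniko-smtp-relay-$(date +%s)"
readonly JOB_NAME
echo "==> Launching Kaniko job: ${JOB_NAME}"

# Manifest notes:
#  - The mc and Kaniko images are referenced by mutable tag; pinning them by
#    digest (image@sha256:<digest>) would make the build toolchain
#    reproducible and tamper-evident.
#  - The build pod needs no Kubernetes API access, so the service-account
#    token is not mounted; Dockerfile RUN steps execute inside that pod.
#  - \$VARS in the init container are expanded by the container's shell, not
#    here; they are quoted so secret values cannot be word-split or globbed.
kubectl apply -f - <<EOF
apiVersion: batch/v1
kind: Job
metadata:
  name: ${JOB_NAME}
  namespace: kaniko
spec:
  backoffLimit: 0
  ttlSecondsAfterFinished: 300
  template:
    spec:
      restartPolicy: Never
      automountServiceAccountToken: false
      imagePullSecrets:
        - name: harbor-pull-secret
      initContainers:
        - name: fetch-context
          image: harbor.manabo.org/library/minio/mc:RELEASE.2025-08-13T08-35-41Z
          command: ["/bin/sh", "-c"]
          args:
            - |
              mc alias set minio "\$MINIO_ENDPOINT" "\$MC_ACCESS_KEY" "\$MC_SECRET_KEY" --api S3v4 &&
              mc cp minio/${BUCKET}/${CONTEXT_KEY} /context/context.tar.gz
          env:
            - name: MC_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: minio-kaniko-creds
                  key: access-key
            - name: MC_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: minio-kaniko-creds
                  key: secret-key
            - name: MINIO_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: minio-kaniko-creds
                  key: endpoint
          volumeMounts:
            - name: context
              mountPath: /context
      containers:
        - name: kaniko
          image: harbor.manabo.org/gcr/kaniko-project/executor:v1.23.2
          args:
            - "--context=tar:///context/context.tar.gz"
            - "--destination=${IMAGE}"
            - "--snapshot-mode=redo"
            - "--log-format=text"
          volumeMounts:
            - name: context
              mountPath: /context
            - name: docker-config
              mountPath: /kaniko/.docker/
      volumes:
        - name: context
          emptyDir: {}
        - name: docker-config
          secret:
            secretName: harbor-push-config
            items:
              - key: .dockerconfigjson
                path: config.json
EOF

echo "==> Waiting for build (timeout 10m) ..."
# NOTE(review): waiting only on condition=complete means a Job that fails
# early is still reported only once the timeout expires.
if ! kubectl wait "job/${JOB_NAME}" -n kaniko \
  --for=condition=complete \
  --timeout=600s; then
  echo "==> Build FAILED. Logs:" >&2
  # Best effort from here on: a failed log fetch must not skip the Job
  # clean-up below, so errors are deliberately tolerated.
  POD="$(kubectl get pods -n kaniko -l "job-name=${JOB_NAME}" -o name | head -n 1)" || POD=""
  if [[ -n "$POD" ]]; then
    kubectl logs -n kaniko "$POD" --all-containers >&2 || true
  fi
  kubectl delete "job/${JOB_NAME}" -n kaniko --ignore-not-found || true
  exit 1
fi

echo "==> Done: ${IMAGE}"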