I am trying to run postfix as a container in k8s. The container starts (including the svcs) but my config maps and secrets don't want to play nice. I tried the following:
- Set up the config map with the user and password in clear text. RESULT: WORKS

```
postmap -q someuser@localhost mysql:./virtual_mailbox.cf
```

- Encrypt the password and username with base64 (as per k8s instructions), read these encrypted values into the environment variables of the container (`envFrom: - secretRef: name: postfix-db-access`), and try to connect to the database with postmap.
For this scenario the config map looks like the following:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: postfix-db-configs
  namespace: mailserver
data:
  virtual_mailbox.cf: |
    user=$(echo ${POSTFIX_USER} | base64 -d)
    password=$(echo ${POSTFIX_PASS} | base64 -d)
    hosts=database.default.svc.cluster.local
    dbname=postfix
    query=SELECT mail FROM generic_map WHERE local_mail='%s' AND active=1;
```
RESULT: FAILS. User '$(echo ${POSTFIX_USER} | base64 -d)' has no access to the database.
- Store the username and password for the postfix user in clear text in the secret like this:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: postfix-db-access
  namespace: mailserver
type: Opaque
stringData:
  POSTFIX_USER: PostfixUser
  POSTFIX_PASS: somePassword
```

and the corresponding line in the config map:

```
user=$(echo ${POSTFIX_USER})
```
RESULT: FAILS with user 'echo ${POSTFIX_USER}) has no access to the database'. The request does not process the environment variable, which is set correctly.
Connecting to the database and querying works fine with the command

```
mysql -h database.default.svc.cluster.local -u postfix -p -e "use postfix; SELECT mail FROM generic_map WHERE local_mail='someuser@localhost' AND active=1;"
```

I get all the results I need and expect.
The question is: how do I set up the secret and the config map so this process works and establishes the connection to the database as intended?
realshadow
This is a community wiki answer posted for better visibility. Feel free to expand it.
Possible solution from @mdaniel:
To use pre-processed values for `POSTFIX_USER`, `POSTFIX_PASS`, etc., you can use an init container with a Volume that the init container and the application container share. More information is available on the Kubernetes website.
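
One way to lay out the init-container approach described in the answer above, as an added example that is not part of the original answer. The image names, mount paths and the `/etc/postfix/sql` directory are assumptions; the resource names, keys and query come from the question.

```yaml
# Added example. Image names and mount paths are assumptions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: postfix-db-configs
  namespace: mailserver
data:
  # Non-secret settings only. Postfix reads this file literally, so no
  # $(...) or ${...} syntax belongs here.
  virtual_mailbox.cf: |
    hosts=database.default.svc.cluster.local
    dbname=postfix
    query=SELECT mail FROM generic_map WHERE local_mail='%s' AND active=1;
---
apiVersion: v1
kind: Pod
metadata:
  name: postfix
  namespace: mailserver
spec:
  volumes:
    - name: db-config-static
      configMap:
        name: postfix-db-configs
    - name: db-config-rendered
      emptyDir:
        medium: Memory              # rendered password stays off the node's disk
  initContainers:
    - name: render-db-config
      image: busybox:1.36           # assumed image; any image with sh works
      envFrom:
        - secretRef:
            name: postfix-db-access # env values arrive already base64-decoded
      command: ["sh", "-c"]
      args:
        - |
          # printf writes the values verbatim, so special characters in the
          # password need no escaping (unlike a sed substitution).
          { printf 'user=%s\npassword=%s\n' "$POSTFIX_USER" "$POSTFIX_PASS"
            cat /static/virtual_mailbox.cf; } > /rendered/virtual_mailbox.cf
      volumeMounts:
        - { name: db-config-static, mountPath: /static, readOnly: true }
        - { name: db-config-rendered, mountPath: /rendered }
  containers:
    - name: postfix
      image: example.invalid/postfix:latest   # placeholder image
      # No envFrom here: the credentials exist only in the rendered file.
      volumeMounts:
        - { name: db-config-rendered, mountPath: /etc/postfix/sql, readOnly: true }
```

With this layout the lookup from the question would be run in the postfix container as `postmap -q someuser@localhost mysql:/etc/postfix/sql/virtual_mailbox.cf`.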