diff --git a/README.md b/README.md
index e107320..24643ae 100644
--- a/README.md
+++ b/README.md
@@ -640,7 +640,8 @@ Chart configuration is as follows:
 | `nodeSelector` | `{}` | Standard Kubernetes stuff |
 | `tolerations` | `[]` | Standard Kubernetes stuff |
 | `affinity` | `{}` | Standard Kubernetes stuff |
-| `certs.create` | `{}` | Auto generate TLS certificates for Postfix |
+| `certs.create` | `false` | Auto generate TLS certificates for Postfix |
+| `certs.existingSecret` | `""` | Existing secret containing the TLS certificates for Postfix |
 | `extraVolumes` | `[]` | Append any extra volumes to the pod |
 | `extraVolumeMounts` | `[]` | Append any extra volume mounts to the postfix container |
 | `extraInitContainers` | `[]` | Execute any extra init containers on startup |
diff --git a/helm/mail/templates/_helpers.tpl b/helm/mail/templates/_helpers.tpl
index a4ef7f0..8ec6fdb 100644
--- a/helm/mail/templates/_helpers.tpl
+++ b/helm/mail/templates/_helpers.tpl
@@ -76,3 +76,14 @@ checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . |
 configmap.reloader.stakater.com/reload: "{{ include "mail.fullname" . }}"
 {{- end -}}
 
+{{/*
+Return the secret containing HTTPS/TLS certificates
+*/}}
+{{- define "tls.secretName" -}}
+{{- $secretName := .Values.certs.existingSecret -}}
+{{- if $secretName -}}
+ {{- printf "%s" (tpl $secretName .) -}}
+{{- else -}}
+ {{- printf "%s-certs" (include "mail.fullname" .) -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm/mail/templates/configmap.yaml b/helm/mail/templates/configmap.yaml
index 3624d2e..b7446fd 100644
--- a/helm/mail/templates/configmap.yaml
+++ b/helm/mail/templates/configmap.yaml
@@ -16,7 +16,7 @@ data:
 {{- range $key, $value := .Values.config.opendkim }}
 OPENDKIM_{{ $key }}: {{ $value | quote }}
 {{- end }}
- {{- if .Values.certs.create }}
+ {{- if or .Values.certs.create .Values.certs.existingSecret }}
 _enable_tls.sh: |
 #!/usr/bin/env bash
 set -e
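Review bot: The new `tls.secretName` helper returns `certs.existingSecret` whenever it is non-empty and never consults `certs.create`, so the precedence between the two settings is fixed silently here, and the helper's name lacks the `mail.` prefix that `mail.fullname` on the line above it uses. Helm named templates are global across a release, so an unprefixed `tls.secretName` can be shadowed by a same-named define in a parent or sibling chart. I would rename it `mail.tls.secretName` and correct the comment, which says HTTPS although Postfix serves SMTP: `{{/* Name of the kubernetes.io/tls Secret mounted into Postfix: certs.existingSecret (passed through tpl) when set, otherwise <fullname>-certs */}}`.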
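Review bot: The condition `or .Values.certs.create .Values.certs.existingSecret` on the changed line is repeated verbatim twice more in statefulset.yaml (volume mount and volume), so a third certificate source or a stricter rule would have to be edited in three places and can drift. A one-line helper keeps the three guards in step: `{{- define "mail.tls.enabled" -}}{{- if or .Values.certs.create .Values.certs.existingSecret -}}true{{- end -}}{{- end -}}`, used as `{{- if include "mail.tls.enabled" . }}`. The `_enable_tls.sh` script that this guard wraps begins in the hunk but its body runs past the hunk's last line.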
diff --git a/helm/mail/templates/secret-cert.yaml b/helm/mail/templates/secret-cert.yaml
index 948aa45..2b26fd3 100644
--- a/helm/mail/templates/secret-cert.yaml
+++ b/helm/mail/templates/secret-cert.yaml
@@ -10,7 +10,7 @@ apiVersion: v1
 kind: Secret
 type: kubernetes.io/tls
 metadata:
- name: {{ $fullName }}-certs
+ name: {{ include "tls.secretName" . }}
 labels: {{- $labels | nindent 4 }}
 annotations:
diff --git a/helm/mail/templates/statefulset.yaml b/helm/mail/templates/statefulset.yaml
index c9cce26..da4f757 100644
--- a/helm/mail/templates/statefulset.yaml
+++ b/helm/mail/templates/statefulset.yaml
@@ -117,7 +117,7 @@ spec:
 subPath: logrotate.sh
 {{- end }}
 {{- end }}
-{{- if .Values.certs.create }}
+{{- if or .Values.certs.create .Values.certs.existingSecret }}
 - name: certs
 mountPath: /var/run/certs
 readOnly: true
@@ -189,14 +189,14 @@ spec:
 volumes:
 - name: tmp
 emptyDir: {}
-{{- if .Values.certs.create }}
+{{- if or .Values.certs.create .Values.certs.existingSecret }}
 - name: certs-init
 configMap:
 name: {{ $fullName }}
 defaultMode: 0755
 - name: certs
 secret:
-secretName: {{ $fullName }}-certs
+secretName: {{ include "tls.secretName" . }}
 {{- end }}
 # Socket directories
 {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
diff --git a/helm/mail/values.yaml b/helm/mail/values.yaml
index 4917bad..7f2819a 100644
--- a/helm/mail/values.yaml
+++ b/helm/mail/values.yaml
@@ -138,8 +138,8 @@ container:
 certs:
 # Auto-generate certificates for the server and mount them into Postfix volume
 create: false
-# Provide existing cert
-existing: false
+# Provide existing secret name
+existingSecret: ""
 
 # Define data which should be stored in a Secret
 # (and shared with the pod as environment variables)
diff --git a/helm/test_16_certs_existing_secret.yml b/helm/test_16_certs_existing_secret.yml
new file mode 100644
index 0000000..e13658e
--- /dev/null
+++ b/helm/test_16_certs_existing_secret.yml
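Review bot: Naming the chart-generated Secret with `include "tls.secretName"` means that a values file setting both `certs.create: true` and `certs.existingSecret` renders a self-signed `kubernetes.io/tls` Secret under the name of the secret the user already has, so the install either fails because that object exists outside the release or, for a controller-managed secret, the two writers fight over its contents. The guard that gates this template is above the hunk so I cannot see how it is conditioned, but the helper itself never looks at `certs.create`. Either keep the generated object at `{{ $fullName }}-certs` so the two names can never collide, or reject the combination at render time with `{{- if and .Values.certs.create .Values.certs.existingSecret }}{{ fail "certs.create and certs.existingSecret are mutually exclusive" }}{{- end }}` near the top of the file.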
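Review bot: In the second statefulset hunk the `certs` volume now mounts whatever keys an existing Secret happens to contain, whereas the chart's own Secret is typed `kubernetes.io/tls` and therefore always carries `tls.crt` and `tls.key`; an existing secret with different key names mounts without error and the mismatch only shows up when `_enable_tls.sh` or Postfix looks for the files. If the init script does expect those two keys — its body is not visible here — pinning them with `items:` makes a wrongly shaped secret fail at pod creation instead, and keeps unrelated keys such as a CA bundle out of `/var/run/certs`; the default `optional: false` already blocks start-up when the secret is absent. The enclosing `volumes:` list continues past the hunk.
```yaml
      - name: certs
        secret:
          secretName: {{ include "tls.secretName" . }}
          items:
            - key: tls.crt
              path: tls.crt
            - key: tls.key
              path: tls.key
```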
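Review bot: Replacing `existing: false` with `existingSecret: ""` drops the old key without a transition note, so a user values file that still sets `certs.existing` is accepted by Helm and silently ignored, and the new comment does not say what the referenced Secret must contain. I would expand it to state the contract the templates appear to rely on: `# Name of an existing kubernetes.io/tls Secret (presumably keys tls.crt and tls.key) to mount into Postfix instead of generating one. Set either this or create, not both.` The key rename is also worth a line in the chart's changelog if it keeps one.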
@@ -0,0 +1,3 @@
+certs:
+ create: false
+ existingSecret: "controller-generated-secret"