mirror of
https://github.com/bokysan/docker-postfix.git
synced 2024-09-20 06:46:10 +08:00
Fix for #83: Add the possibility to mount files from secret
parent
331e25899d
commit
fab1b33b48
|
@ -490,6 +490,9 @@ Chart configuration is as follows:
|
|||
| `config.postfix` | `{}` | Key-value list of general postfix options, e.g. `myhostname: "demo"` |
|
||||
| `config.opendkim` | `{}` | Key-value list of general OpenDKIM options, e.g. `RequireSafeKeys: "yes"` |
|
||||
| `secret` | `{}` | Key-value list of environment variables to be shared with Postfix / OpenDKIM as secrets |
|
||||
| `mountSecret.enabled` | `false` | Create a folder with contents of the secret in the pod's container |
|
||||
| `mountSecret.path` | `/var/lib/secret` | Where to mount secret data |
|
||||
| `mountSecret.data` | `{}` | Key-value list of files to be mount into the container |
|
||||
| `persistence.enabled` | `true` | Persist Postfix's queue on disk |
|
||||
| `persistence.accessModes` | `[ 'ReadWriteOnce' ]` | Access mode |
|
||||
| `persistence.existingClaim` | `""` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. |
|
||||
|
|
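--- a/helm/mail/templates/secret-mount.yaml
+++ b/helm/mail/templates/secret-mount.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.mountSecret.enabled -}}
+{{- $chart := "mail" -}}
+{{- $fullName := include (print $chart ".fullname") . -}}
+{{- $labels := include (print $chart ".labels") . -}}
+{{- with .Values.mountSecret.data }}
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $fullName }}-mount
+labels:
+{{- $labels | nindent 4 }}
+data:
+{{- range $key, $value := . }}
+{{ $key }}: {{ $value | b64enc | quote }}
+{{- end }}
+{{ end }}
+{{- end -}}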
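Review bot: The `{{- with .Values.mountSecret.data }}` guard renders no Secret when `mountSecret.enabled` is true but `data` is still the default `{}`, while the workload template in this commit gates the `mount-secret` volume on `enabled` alone and always references `{{ $fullName }}-mount`. A secret volume is mandatory unless marked optional, so in that configuration the pod would wait indefinitely on a Secret the chart never created. Either render the Secret whenever `enabled` is set, or fail at template time with something like `{{- if not .Values.mountSecret.data }}{{ fail "mountSecret.enabled requires mountSecret.data" }}{{ end }}`. Indentation is flattened in this rendering, so the nesting of `name:`, `labels:` and the `data:` entries could not be checked here.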
|
@ -105,6 +105,11 @@ spec:
|
|||
readOnly: true
|
||||
subPath: _enable_tls.sh
|
||||
{{- end }}
|
||||
{{- if .Values.mountSecret.enabled }}
|
||||
- name: mount-secret
|
||||
mountPath: {{ .Values.mountSecret.path }}
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if .Values.extraVolumeMounts }}{{- toYaml .Values.extraVolumeMounts | nindent 12 }}{{ end }}
|
||||
resources: {{ toYaml .Values.resources | nindent 12 }}
|
||||
{{- if .Values.extraContainers }}
|
||||
|
@ -135,6 +140,11 @@ spec:
|
|||
- name: {{ $fullName }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- if .Values.mountSecret.enabled }}
|
||||
- name: mount-secret
|
||||
secret:
|
||||
secretName: {{ $fullName }}-mount
|
||||
{{- end }}
|
||||
{{- if .Values.extraVolumes }}{{- toYaml .Values.extraVolumes | nindent 8 }}{{ end }}
|
||||
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
|
||||
volumeClaimTemplates:
|
||||
|
@ -145,7 +155,7 @@ spec:
|
|||
accessModes: {{- toYaml .Values.persistence.accessModes | nindent 10 }}
|
||||
{{- if (eq "-" .Values.persistence.storageClass) }}
|
||||
storageClassName: ""
|
||||
{{- end }}{{- if .Values.persistence.storageClass }}
|
||||
{{- else if .Values.persistence.storageClass }}
|
||||
storageClassName: "{{ .Values.persistence.storageClass }}"
|
||||
{{- end }}
|
||||
resources:
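Review bot: The `mount-secret` volume sets only `secretName`, so the projected files get the Kubernetes default mode of 0644 and the DKIM private key from the values example would be readable by any user inside the container. Consider adding `defaultMode: 0400` under `secret:` (or exposing it as a chart value), matched to whatever `runAsUser`/`fsGroup` the pod spec sets outside these hunks so the OpenDKIM process can still read the key. The README's `RequireSafeKeys: "yes"` example suggests OpenDKIM may also refuse a key with loose permissions, which is worth verifying against the mounted file. Separately, `mountPath: {{ .Values.mountSecret.path }}` should be quoted, `mountPath: {{ .Values.mountSecret.path | quote }}`, so an empty or boolean-looking value does not render as a non-string. The `spec:` body starts and ends outside all three hunks.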
|
||||
|
|
|
@ -90,6 +90,18 @@ certs:
|
|||
# hello: world
|
||||
secret: {}
|
||||
|
||||
# Define a secret which should be deployed together with the
|
||||
# chart amd mounted into a specific directory in the pod.
|
||||
mountSecret:
|
||||
enabled: false
|
||||
path: /var/lib/secret
|
||||
data: {}
|
||||
# e.g.
|
||||
# dkim-private: |
|
||||
# -----BEGIN RSA PRIVATE KEY-----
|
||||
# < redacted >
|
||||
# -----END RSA PRIVATE KEY-----
|
||||
|
||||
config:
|
||||
general: {}
|
||||
# e.g.
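Review bot: The comment above `mountSecret:` has a typo (`amd`) and does not tell the operator where the key material ends up. Values given here are rendered into a Secret by the chart and are also retained in the Helm release record, and a values file holding a PEM key is easy to commit by accident. I would fix the second comment line to `# chart and mounted into a specific directory in the pod.` and add `# Supply real key material at install time (e.g. --set-file), not in a committed values file.` The hunk shows no option to reference a pre-existing Secret; if the chart offers one elsewhere, the comment should point to it.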
|
||||
|
|
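--- a/helm/test_10_mount_secret.yml
+++ b/helm/test_10_mount_secret.yml
@@ -0,0 +1,8 @@
+mountSecret:
+enabled: true
+path: /test
+data:
+dkim-private: |
+-----BEGIN RSA PRIVATE KEY-----
+< redacted >
+-----END RSA PRIVATE KEY-----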