Compare commits


3 commits

Boky
11f1fb0cf9
Remove typos from README.md 2025-07-29 13:00:02 +02:00
mrskul
bbe209cea2
Allow setting existing secret name for TLS certs (#233)
* allow change of cert secret name

* change to helpers.tpl

* update secretName

* fix certname

* fix name of default

* set static name

* Removing comment

* update Readme and set cert name as ${mail.fullname}

* update test file name

* add create

* Removing `certs.existing`, as this was not set up to be used.

* Update to allow setting only existingSecret or certs.create

* allow existing secret to add certs script

---------

Co-authored-by: nicholasm <nicholas.matters@prontocloud.com.au>
2025-07-29 12:59:03 +02:00
Dan Mills
a47f941243
Add externalTrafficPolicy to helm Fixes #239 (#240)
* Add externalTrafficPolicy to helm Fixes #239

* Add externalTrafficPolicy to documentation
2025-07-29 12:58:47 +02:00
8 changed files with 40 additions and 14 deletions


@ -628,6 +628,7 @@ Chart configuration is as follows:
| `service.spec` | `{}` | Additional service specifications |
| `service.nodePort` | *empty* | Use a specific `nodePort` |
| `service.nodeIP` | *empty* | Use a specific `nodeIP` |
| `service.externalTrafficPolicy` | *empty* | Set `loadbalancer` [External traffic policy](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip) |
| `resources` | `{}` | [Pod resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| `autoscaling.enabled` | `false` | Set to `true` to enable [Horisontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) |
| `autoscaling.minReplicas` | `1` | Minimum number of replicas |
@ -639,7 +640,8 @@ Chart configuration is as follows:
| `nodeSelector` | `{}` | Standard Kubernetes stuff |
| `tolerations` | `[]` | Standard Kubernetes stuff |
| `affinity` | `{}` | Standard Kubernetes stuff |
| `certs.create` | `{}` | Auto generate TLS certificates for Postfix |
| `certs.create` | `false` | Auto generate TLS certificates for Postfix |
| `certs.existingSecret` | `""` | Existing secret containing the TLS certificates for Postfix |
| `extraVolumes` | `[]` | Append any extra volumes to the pod |
| `extraVolumeMounts` | `[]` | Append any extra volume mounts to the postfix container |
| `extraInitContainers` | `[]` | Execute any extra init containers on startup |


@ -76,3 +76,14 @@ checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . |
configmap.reloader.stakater.com/reload: "{{ include "mail.fullname" . }}"
{{- end -}}
{{/*
Return the secret containing HTTPS/TLS certificates
*/}}
{{- define "tls.secretName" -}}
{{- $secretName := .Values.certs.existingSecret -}}
{{- if $secretName -}}
{{- printf "%s" (tpl $secretName .) -}}
{{- else -}}
{{- printf "%s-certs" (include "mail.fullname" .) -}}
{{- end -}}
{{- end -}}
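Review bot: The new named template at `define "tls.secretName"` is not prefixed with the chart name, unlike `mail.fullname` in the hunk's first lines; Helm named templates are global across every chart loaded in a release, so a parent or sibling chart that defines its own `tls.secretName` would silently override this one (the last definition loaded wins). Rename it `mail.tls.secretName` and update the two `include` sites in secret.yaml and statefulset.yaml. The header comment `Return the secret containing HTTPS/TLS certificates` is also misleading for a Postfix chart — these certificates serve SMTP STARTTLS, not HTTPS — so `Return the name of the Secret holding the Postfix TLS certificate and key (certs.existingSecret if set, else <fullname>-certs)` would describe what the two branches do. Minor: `printf "%s" (tpl $secretName .)` can be just `tpl $secretName .`.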


@ -16,7 +16,7 @@ data:
{{- range $key, $value := .Values.config.opendkim }}
OPENDKIM_{{ $key }}: {{ $value | quote }}
{{- end }}
{{- if .Values.certs.create }}
{{- if or .Values.certs.create .Values.certs.existingSecret }}
_enable_tls.sh: |
#!/usr/bin/env bash
set -e


@ -10,7 +10,7 @@ apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
name: {{ $fullName }}-certs
name: {{ include "tls.secretName" . }}
labels:
{{- $labels | nindent 4 }}
annotations:
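Review bot: Naming the chart-generated Secret with `include "tls.secretName" .` ties this rendered resource to `certs.existingSecret`: if a user sets `existingSecret` while `certs.create` is still true, the template emits a `kubernetes.io/tls` Secret with the same name as the user's own Secret, and Helm will either fail the install on its ownership check or, with `--force`, replace the user-supplied certificate and key with freshly generated ones. Whether the template is gated on `certs.create` is outside the hunk (lines 1-9 of the file are not shown), but even then the generated resource should keep its own name, `name: {{ $fullName }}-certs`, which is exactly what the helper's fallback branch returns. To enforce the "only existingSecret or certs.create" rule from the commit message rather than rely on the user, add `{{- if and .Values.certs.create .Values.certs.existingSecret }}{{ fail "set only one of certs.create or certs.existingSecret" }}{{- end }}` at the top of this template.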


@ -14,6 +14,9 @@ metadata:
{{- with .Values.service.annotations }}{{ toYaml . | nindent 4 }}{{ end }}
spec:
type: {{ .Values.service.type }}
{{- if .Values.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.externalTrafficPolicy }}
{{- end }}
{{- with .Values.service.spec }}{{ toYaml . | nindent 2 }}{{ end }}
ports:
- port: {{ .Values.service.port }}
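Review bot: The new condition reads `.Values.externalTrafficPolicy` from the top level of values, but the README row added in this same commit documents the key as `service.externalTrafficPolicy` and the values.yaml example places it under `service:`, so a user following the docs gets no `externalTrafficPolicy` rendered at all and the setting is silently ignored. Change the two lines to `{{- with .Values.service.externalTrafficPolicy }}` / `externalTrafficPolicy: {{ . }}` followed by the existing `{{- end }}`. This is more than a cosmetic mismatch: `Local` is what preserves the client source IP, and any Postfix controls or logs keyed on the peer address (e.g. `mynetworks`, `smtpd_client_restrictions`) only see the real client when it is set; with the key ignored the Service falls back to `Cluster` and connections arrive SNATed to a node IP. Note also that the API server rejects `externalTrafficPolicy` on a `ClusterIP` Service, so the README should state that the option applies to `NodePort`/`LoadBalancer` types only.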


@ -117,7 +117,7 @@ spec:
subPath: logrotate.sh
{{- end }}
{{- end }}
{{- if .Values.certs.create }}
{{- if or .Values.certs.create .Values.certs.existingSecret }}
- name: certs
mountPath: /var/run/certs
readOnly: true
@ -189,14 +189,14 @@ spec:
volumes:
- name: tmp
emptyDir: {}
{{- if .Values.certs.create }}
{{- if or .Values.certs.create .Values.certs.existingSecret }}
- name: certs-init
configMap:
name: {{ $fullName }}
defaultMode: 0755
- name: certs
secret:
secretName: {{ $fullName }}-certs
secretName: {{ include "tls.secretName" . }}
{{- end }}
# Socket directories
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
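Review bot: The `certs` Secret volume at `secretName: {{ include "tls.secretName" . }}` sets no `defaultMode`, so the TLS private key is projected with Kubernetes' default mode 0644 and is readable by every process in the container regardless of which user it runs as. The volume is already `readOnly: true`, so tightening to `defaultMode: 0440` (with a matching `fsGroup` or `runAsGroup` in the pod securityContext) costs nothing for the intended reader — but which user actually reads `/var/run/certs` is decided in `_enable_tls.sh`, whose body is outside this hunk, so confirm that before changing it. Leaving `optional` unset is the right call here: a misspelled `existingSecret` keeps the pod in ContainerCreating instead of letting Postfix start without TLS.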


@ -19,6 +19,7 @@ service:
port: 587
labels: {}
annotations: {}
# externalTrafficPolicy: Cluster
# nodePort:
# StatefulSets now require a headless service
@ -84,7 +85,8 @@ metrics:
# a pod and let `StatefulSet` recreate it.
recreateOnRedeploy: true
resources: {}
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
@ -136,8 +138,8 @@ container:
certs:
# Auto-generate certificates for the server and mount them into Postfix volume
create: false
# Provide existing cert
existing: false
# Provide existing secret name
existingSecret: ""
# Define data which should be stored in a Secret
# (and shared with the pod as environment variables)
@ -154,7 +156,8 @@ existingSecret: ""
mountSecret:
enabled: false
path: /var/lib/secret
data: {}
data:
{}
# e.g.
# dkim-private: |
# -----BEGIN RSA PRIVATE KEY-----
@ -162,7 +165,8 @@ mountSecret:
# -----END RSA PRIVATE KEY-----
config:
general: {}
general:
{}
# e.g.
# TZ:
# FORCE_COLOR:
@ -178,18 +182,21 @@ config:
# SMTP_HEADER_CHECKS:
# DKIM_SELECTOR:
# DKIM_AUTOGENERATE:
postfix: {}
postfix:
{}
# e.g.
# myhostname: "postfix"
# smtp_tls_security_level: "encrypt"
opendkim: {}
opendkim:
{}
# e.g.
# RequireSafeKeys: "yes"
dns:
policy: ""
# policy: "None"
nameservers: {}
nameservers:
{}
# - 8.8.8.8
# - 8.8.4.4
searches: ""
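Review bot: `existingSecret: ""` is introduced with only `# Provide existing secret name` above it, leaving the contract of that Secret undocumented: the chart-generated counterpart in secret.yaml is `type: kubernetes.io/tls`, so the enable script presumably expects `tls.crt`/`tls.key` keys in the user's Secret as well, and a Secret with other key names would mount fine but break at Postfix startup. Extend the comment to `# Name of an existing kubernetes.io/tls Secret (keys tls.crt and tls.key) holding the Postfix certificate and private key; mutually exclusive with certs.create`. The new `# externalTrafficPolicy: Cluster` example under `service:` agrees with the README but not with service.yaml in this commit, which reads the key from the top level of values — keep this placement and fix the template rather than moving the example. The remaining hunks only reflow `{}` onto their own lines and carry no behavioral change.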


@ -0,0 +1,3 @@
certs:
create: false
existingSecret: "controller-generated-secret"