{{- if .Values.certs.create -}}
{{/* Generate certificates for mail server */}}
{{- $chart := "mail" -}}
{{- $fullName := include (print $chart ".fullname") . -}}
{{- $labels := include (print $chart ".labels") . -}}
{{- $altNames := list ( printf "%s.%s" $fullName .Release.Namespace ) ( printf "%s.%s.svc" $fullName .Release.Namespace ) ( printf "%s.%s.svc.cluster.local" $fullName .Release.Namespace ) -}}
{{- $ca := genCA "mail-ca" 365 -}}
{{- $cert := genSignedCert ( include "mail.name" . ) nil $altNames 365 $ca -}}
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: {{ $fullName }}-certs
  labels:
    {{- $labels | nindent 4 }}
  annotations:
    "helm.sh/hook": "pre-install"
    "helm.sh/hook-delete-policy": "before-hook-creation"
data:
  tls.crt: {{ $cert.Cert | b64enc }}
  tls.key: {{ $cert.Key | b64enc }}
{{- end }}