fix(stalwart-mail): secret generate
This commit is contained in:
parent
ca4fe6f75f
commit
6850c8b695
3 changed files with 68 additions and 0 deletions
|
@ -71,6 +71,14 @@ spec:
|
||||||
mountPath: "/opt/stalwart-mail/etc/config.toml"
|
mountPath: "/opt/stalwart-mail/etc/config.toml"
|
||||||
subPath: "config.toml"
|
subPath: "config.toml"
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: secrets
|
||||||
|
mountPath: "/opt/stalwart-smtp/etc/private/dkim-rsa.key"
|
||||||
|
subPath: "dkim-rsa.key"
|
||||||
|
readOnly: true
|
||||||
|
- name: secrets
|
||||||
|
mountPath: "/opt/stalwart-smtp/etc/private/dkim-ed.key"
|
||||||
|
subPath: "dkim-ed.key"
|
||||||
|
readOnly: true
|
||||||
{{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }}
|
{{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }}
|
||||||
- name: certificate
|
- name: certificate
|
||||||
mountPath: "/opt/stalwart-mail/etc/certs"
|
mountPath: "/opt/stalwart-mail/etc/certs"
|
||||||
|
@ -82,6 +90,9 @@ spec:
|
||||||
- name: "config"
|
- name: "config"
|
||||||
configMap:
|
configMap:
|
||||||
name: {{ include "stalwart-mail.fullname" . }}
|
name: {{ include "stalwart-mail.fullname" . }}
|
||||||
|
- name: "secrets"
|
||||||
|
secret:
|
||||||
|
secretName: {{ include "stalwart-mail.fullname" . }}
|
||||||
{{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }}
|
{{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }}
|
||||||
- name: certificate
|
- name: certificate
|
||||||
secret:
|
secret:
|
||||||
|
|
12
stalwart-mail/templates/secrets.yaml
Normal file
12
stalwart-mail/templates/secrets.yaml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
{{- $secretName := include "stalwart-mail.fullname" . }}
|
||||||
|
{{- $currentData := lookup "v1" "Secret" .Release.Namespace $secretName }}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ include "stalwart-mail.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "stalwart-mail.labels" . | nindent 4 }}
|
||||||
|
data:
|
||||||
|
dkim-rsa.key: {{ $dkimSigningRSA := (dig "data" "dkim-rsa.key" "" $currentData | b64dec) | default (genPrivateKey "rsa") | b64enc }}
|
||||||
|
dkim-ed.key: {{ $dkimSigning := (dig "data" "dkim-ed.key" "" $currentData | b64dec) | default (genPrivateKey "ecdsa") | b64enc }}
|
|
@ -105,6 +105,51 @@ config:
|
||||||
# -- verify of dkim signature (relaxed, strict, disable)
|
# -- verify of dkim signature (relaxed, strict, disable)
|
||||||
# @section -- DKIM
|
# @section -- DKIM
|
||||||
verify: "relaxed"
|
verify: "relaxed"
|
||||||
|
signature:
|
||||||
|
rsa:
|
||||||
|
# -- private key for dkim signing (use file for store in secrets of kubernetes - rsa)
|
||||||
|
# @section -- DKIM
|
||||||
|
private-key: "%{file:/opt/stalwart-smtp/etc/private/dkim-rsa.key}%"
|
||||||
|
# @section -- DKIM
|
||||||
|
domain: "foobar.org"
|
||||||
|
# @section -- DKIM
|
||||||
|
selector: "rsa_default"
|
||||||
|
# -- signing of this headers (rsa)
|
||||||
|
# @section -- DKIM
|
||||||
|
headers: ["From", "To", "Date", "Subject", "Message-ID"]
|
||||||
|
# -- alogorithm of signing (rsa)
|
||||||
|
# @section -- DKIM
|
||||||
|
algorithm: "rsa-sha256"
|
||||||
|
# @section -- DKIM
|
||||||
|
canonicalization: "relaxed/relaxed"
|
||||||
|
# @section -- DKIM
|
||||||
|
expire: "10d"
|
||||||
|
# @section -- DKIM
|
||||||
|
set-body-length: false
|
||||||
|
# -- report of signing (rsa)
|
||||||
|
# @section -- DKIM
|
||||||
|
report: true
|
||||||
|
ed25519:
|
||||||
|
# -- private key for dkim signing (use file for store in secrets of kubernetes - ed25519)
|
||||||
|
# @section -- DKIM
|
||||||
|
private-key: "%{file:/opt/stalwart-smtp/etc/private/dkim-ed.key}%"
|
||||||
|
# @section -- DKIM
|
||||||
|
domain: "foobar.org"
|
||||||
|
# @section -- DKIM
|
||||||
|
selector: "ed_default"
|
||||||
|
# -- signing of this headers (ed25519)
|
||||||
|
# @section -- DKIM
|
||||||
|
headers: ["From", "To", "Date", "Subject", "Message-ID"]
|
||||||
|
# -- alogorithm of signing (ed25519)
|
||||||
|
# @section -- DKIM
|
||||||
|
algorithm: "ed25519-sha256"
|
||||||
|
# @section -- DKIM
|
||||||
|
canonicalization: "simple/simple"
|
||||||
|
# @section -- DKIM
|
||||||
|
set-body-length: true
|
||||||
|
# -- report of signing (ed25519)
|
||||||
|
# @section -- DKIM
|
||||||
|
report: false
|
||||||
|
|
||||||
authentication:
|
authentication:
|
||||||
fallback-admin:
|
fallback-admin:
|
||||||
|
|
Loading…
Add table
Reference in a new issue