27 lines
945 B
YAML
27 lines
945 B
YAML
|
# Self-signed TLS certificate secret for Mailu Front
|
||
|
|
# This is required by the Mailu Helm chart even when TLS is disabled (tls.flavor: notls)
|
||
|
|
# The Front pod mounts this secret for internal certificate handling
|
||
|
|
#
|
||
|
|
# For production, replace with proper certificates from cert-manager or Let's Encrypt
|
||
|
|
# This script generates a self-signed certificate valid for 365 days
|
||
|
|
#
|
||
|
|
# To regenerate manually:
|
||
|
|
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
|
||
|
|
# -keyout tls.key -out tls.crt \
|
||
|
|
# -subj "/CN=mail.bakery-ia.local/O=bakery-ia"
|
||
|
|
# kubectl create secret tls mailu-certificates \
|
||
|
|
# --cert=tls.crt --key=tls.key -n bakery-ia
|
||
|
|
apiVersion: v1
|
||
|
|
kind: Secret
|
||
|
|
metadata:
|
||
|
|
name: mailu-certificates
|
||
|
|
namespace: bakery-ia
|
||
|
|
labels:
|
||
|
|
app.kubernetes.io/name: mailu
|
||
|
|
app.kubernetes.io/component: certificates
|
||
|
|
type: kubernetes.io/tls
|
||
|
|
data:
|
||
|
|
# Placeholder - will be generated dynamically by the setup script
|
||
|
|
tls.crt: ""
|
||
|
|
tls.key: ""
|