
Create Helm subchart for OpenDKIM service with configuration and templates #320

Open
Aravinda-HWK wants to merge 3 commits into LSFLK:main from Aravinda-HWK:319-task-create-helm-subchart-for-opendkim-service

@Aravinda-HWK
Collaborator

📌 Description

This PR introduces a Helm subchart for the OpenDKIM service and establishes the initial umbrella chart structure for the email system deployment.

The OpenDKIM chart enables DKIM signing for configured domains, supports persistent storage for DKIM keys, and integrates with other email system components via Kubernetes services.


🔍 Changes Made

  • Created opendkim Helm subchart under charts/

  • Implemented StatefulSet for OpenDKIM deployment with persistent DKIM key storage

  • Added Service for internal communication (milter port)

  • Created ConfigMaps for:

    • opendkim.conf
    • KeyTable
    • SigningTable
    • TrustedHosts
  • Added Secret support for sensitive configuration (silver.yaml)

  • Implemented PersistentVolumeClaim with support for:

    • Dynamic provisioning
    • Existing claims
  • Added Helm helper templates (_helpers.tpl) for consistent naming and labeling

  • Implemented readiness and liveness probes

  • Added Helm test hook to validate service connectivity

  • Introduced checksum annotations to trigger rolling updates on config changes

  • Initialized umbrella chart structure for future email system components


✅ Checklist (Email System)

  • Core services tested (SMTP, IMAP, mail storage, end-to-end delivery)
  • Security & compliance verified (DKIM signing enabled, no privilege escalation, minimal capabilities)
  • Configuration & deployment checked (Helm templates render correctly, configs generated dynamically)
  • Reliability confirmed (health probes, restart on config changes)
  • Documentation & usage notes updated (README for OpenDKIM chart added)

🧪 Testing Instructions

  1. Deploy the chart:

    helm upgrade --install silver charts/silver -f charts/silver/values-dev.yaml -n mail --create-namespace
  2. Verify pods are running:

    kubectl get pods -n mail
  3. Run Helm test:

    helm test silver -n mail
  4. Verify OpenDKIM service connectivity:

    kubectl exec -it <test-pod> -n mail -- nc -zv <opendkim-service> 8891
  5. (Optional) Check DKIM keys:

    kubectl exec -it <opendkim-pod> -n mail -- ls /etc/dkimkeys

📷 Screenshots / Logs (if applicable)

  • Helm test output showing successful connection to OpenDKIM service
  • Pod logs confirming OpenDKIM startup and key generation

⚠️ Notes for Reviewers

  • DKIM keys are generated at container startup if not already present in the mounted volume
  • Persistence must be enabled for production use to avoid key loss on pod restart
  • Current test validates only network connectivity; functional DKIM validation will be added in future PRs
  • Umbrella chart structure is introduced but currently includes only OpenDKIM; additional services will be added incrementally

@Aravinda-HWK Aravinda-HWK requested a review from maneeshaxyz April 2, 2026 03:49
@Aravinda-HWK Aravinda-HWK self-assigned this Apr 2, 2026
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a Helm chart architecture for the Silver mail platform, featuring an umbrella chart and a dedicated subchart for the OpenDKIM service. The implementation includes templates for standard Kubernetes resources such as StatefulSets, ConfigMaps, and NetworkPolicies, along with environment-specific value files for development and production. Feedback highlights the need to configure an fsGroup in the podSecurityContext to ensure the non-root container has write access to persistent volumes. Additionally, it is recommended to replace the static PVC with volumeClaimTemplates in the StatefulSet to correctly support scaling beyond a single replica.
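
The two review points above (an fsGroup so the non-root container can write to the key volume, and volumeClaimTemplates instead of a static PVC), sketched as a plain StatefulSet manifest. This is an added example, not code from the PR or the chart; the resource names, image, UID/GID and storage size are assumed placeholders, while port 8891 and /etc/dkimkeys come from the testing instructions.

```yaml
# Added illustration: names, image, UID/GID and size are assumed placeholders.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: opendkim
spec:
  serviceName: opendkim
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: opendkim
  template:
    metadata:
      labels:
        app.kubernetes.io/name: opendkim
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000                      # assumed UID of the opendkim user
        runAsGroup: 1000
        fsGroup: 1000                        # volume becomes group-writable for this GID
        fsGroupChangePolicy: OnRootMismatch  # skip recursive chown when ownership already matches
      containers:
        - name: opendkim
          image: example.invalid/opendkim:placeholder
          ports:
            - name: milter
              containerPort: 8891
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            - name: dkim-keys
              mountPath: /etc/dkimkeys
  # One PVC per replica (dkim-keys-opendkim-0, -1, ...) instead of a single shared claim.
  volumeClaimTemplates:
    - metadata:
        name: dkim-keys
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 100Mi
```

Since the reviewer notes say keys are generated at startup when absent from the mounted volume, per-replica claims mean each replica would generate its own key unless the same key material is supplied to all of them.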

Successfully merging this pull request may close these issues.

[TASK] Create Helm Subchart for OpenDKIM Service
