Add new infra architecture 11
This commit is contained in:
Urtzi Alfaro
@@ -0,0 +1,77 @@
|
||||
# Mailgun SMTP Credentials Secret for Mailu
|
||||
#
|
||||
# This secret stores Mailgun credentials for outbound email relay.
|
||||
# Mailu uses Mailgun as an external SMTP relay to send all outbound emails.
|
||||
#
|
||||
# HOW TO CONFIGURE:
|
||||
# 1. Go to https://www.mailgun.com and create an account
|
||||
# 2. Add and verify your domain (e.g., bakery-ia.dev or bakewise.ai)
|
||||
# 3. Go to Domain Settings > SMTP credentials
|
||||
# 4. Note your SMTP credentials:
|
||||
# - SMTP hostname: smtp.mailgun.org
|
||||
# - Port: 587 (TLS)
|
||||
# - Username: usually postmaster@yourdomain.com
|
||||
# - Password: your Mailgun SMTP password (NOT API key)
|
||||
# 5. Base64 encode your password:
|
||||
# echo -n 'your-mailgun-smtp-password' | base64
|
||||
# 6. Replace MAILGUN_SMTP_PASSWORD_BASE64 below with the encoded value
|
||||
# 7. Apply this secret:
|
||||
# kubectl apply -f mailgun-credentials-secret.yaml -n bakery-ia
|
||||
#
|
||||
# IMPORTANT NOTES:
|
||||
# - Use the SMTP password from Mailgun, not the API key
|
||||
# - The username is typically postmaster@yourdomain.com
|
||||
# - For sandbox domains, Mailgun requires authorized recipients
|
||||
# - Production domains need DNS verification (SPF, DKIM, MX records)
|
||||
#
|
||||
# DNS RECORDS REQUIRED FOR MAILGUN:
|
||||
# You will need to add these DNS records for your domain:
|
||||
# - SPF: TXT record for email authentication
|
||||
# - DKIM: TXT records for email signing (Mailgun provides these)
|
||||
# - MX: If you want to receive emails via Mailgun (optional for relay-only)
|
||||
#
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mailu-mailgun-credentials
|
||||
namespace: bakery-ia
|
||||
labels:
|
||||
app: mailu
|
||||
component: external-relay
|
||||
type: Opaque
|
||||
data:
|
||||
# Base64 encoded Mailgun SMTP password
|
||||
# To encode: echo -n 'your-password' | base64
|
||||
# To decode: echo 'encoded-value' | base64 -d
|
||||
RELAY_PASSWORD: MAILGUN_SMTP_PASSWORD_BASE64
|
||||
---
|
||||
# Development environment secret (separate for different Mailgun domain)
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mailu-mailgun-credentials-dev
|
||||
namespace: bakery-ia
|
||||
labels:
|
||||
app: mailu
|
||||
component: external-relay
|
||||
environment: dev
|
||||
type: Opaque
|
||||
data:
|
||||
# Mailgun credentials for bakery-ia.dev domain
|
||||
RELAY_PASSWORD: MAILGUN_DEV_SMTP_PASSWORD_BASE64
|
||||
---
|
||||
# Production environment secret
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mailu-mailgun-credentials-prod
|
||||
namespace: bakery-ia
|
||||
labels:
|
||||
app: mailu
|
||||
component: external-relay
|
||||
environment: prod
|
||||
type: Opaque
|
||||
data:
|
||||
# Mailgun credentials for bakewise.ai domain
|
||||
RELAY_PASSWORD: MAILGUN_PROD_SMTP_PASSWORD_BASE64
|
||||
@@ -36,11 +36,17 @@ domain: "bakery-ia.dev"
|
||||
hostnames:
|
||||
- "mail.bakery-ia.dev"
|
||||
|
||||
# External relay configuration for dev
|
||||
# External relay configuration for dev (Mailgun)
|
||||
# All outbound emails will be relayed through Mailgun SMTP
|
||||
# To configure:
|
||||
# 1. Register at mailgun.com and verify your domain (bakery-ia.dev)
|
||||
# 2. Get your SMTP credentials from Mailgun dashboard
|
||||
# 3. Update the secret in configs/mailgun-credentials-secret.yaml
|
||||
# 4. Apply the secret: kubectl apply -f configs/mailgun-credentials-secret.yaml
|
||||
externalRelay:
|
||||
host: "[smtp.mailgun.org]:587"
|
||||
username: "postmaster@bakery-ia.dev"
|
||||
password: "mailgun-api-key-replace-in-production"
|
||||
username: "postmaster@bakery-ia.dev" # Your Mailgun SMTP username (usually postmaster@yourdomain)
|
||||
password: "" # Will be loaded from secret - see configs/mailgun-credentials-secret.yaml
|
||||
|
||||
# Environment-specific configurations
|
||||
persistence:
|
||||
|
||||
@@ -2,27 +2,30 @@ apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: mailu-ingress
|
||||
namespace: bakery-ia # Same as Mailu's namespace
|
||||
namespace: bakery-ia
|
||||
labels:
|
||||
app.kubernetes.io/name: mailu
|
||||
app.kubernetes.io/component: ingress
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: nginx # Or your Ingress class
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "100m" # Allow larger email attachments
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" # For long connections
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # Redirect HTTP to HTTPS
|
||||
# If using Cert-Manager: cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- mail.bakery-ia.dev # or mail.bakewise.ai for prod
|
||||
secretName: mail-tls-secret # Your TLS Secret
|
||||
- mail.bakery-ia.dev
|
||||
secretName: bakery-dev-tls-cert
|
||||
rules:
|
||||
- host: mail.bakery-ia.dev # or mail.bakewise.ai for prod
|
||||
- host: mail.bakery-ia.dev
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: mailu-front-http # Mailu's front service (check with kubectl get svc -n bakery-ia)
|
||||
name: mailu-front # Helm release name 'mailu' + component 'front'
|
||||
port:
|
||||
number: 80
|
||||
@@ -21,11 +21,17 @@ domain: "bakewise.ai"
|
||||
hostnames:
|
||||
- "mail.bakewise.ai"
|
||||
|
||||
# External relay configuration for production
|
||||
# External relay configuration for production (Mailgun)
|
||||
# All outbound emails will be relayed through Mailgun SMTP
|
||||
# To configure:
|
||||
# 1. Register at mailgun.com and verify your domain (bakewise.ai)
|
||||
# 2. Get your SMTP credentials from Mailgun dashboard
|
||||
# 3. Update the secret in configs/mailgun-credentials-secret.yaml
|
||||
# 4. Apply the secret: kubectl apply -f configs/mailgun-credentials-secret.yaml
|
||||
externalRelay:
|
||||
host: "[smtp.mailgun.org]:587"
|
||||
username: "postmaster@bakewise.ai"
|
||||
password: "PRODUCTION_MAILGUN_API_KEY" # This should be set via secret
|
||||
username: "postmaster@bakewise.ai" # Your Mailgun SMTP username
|
||||
password: "" # Will be loaded from secret - see configs/mailgun-credentials-secret.yaml
|
||||
|
||||
# Environment-specific configurations
|
||||
persistence:
|
||||
|
||||
@@ -39,10 +39,12 @@ limits:
|
||||
value: "200/day"
|
||||
|
||||
# External relay configuration (Mailgun)
|
||||
# Mailu will relay all outbound emails through Mailgun SMTP
|
||||
# Credentials should be provided via Kubernetes secret or environment-specific values
|
||||
externalRelay:
|
||||
host: "[smtp.mailgun.org]:587"
|
||||
username: "postmaster@DOMAIN_PLACEHOLDER"
|
||||
password: "mailgun-api-key-replace-in-production"
|
||||
username: "" # Set in environment-specific values or via secret
|
||||
password: "" # Set in environment-specific values or via secret
|
||||
|
||||
# Webmail configuration
|
||||
webmail:
|
||||
|
||||
Reference in New Issue
Block a user