Add new infra architecture 12
This commit is contained in:
Urtzi Alfaro
@@ -3,33 +3,61 @@
|
||||
# This secret stores Mailgun credentials for outbound email relay.
|
||||
# Mailu uses Mailgun as an external SMTP relay to send all outbound emails.
|
||||
#
|
||||
# ============================================================================
|
||||
# HOW TO CONFIGURE:
|
||||
# ============================================================================
|
||||
#
|
||||
# 1. Go to https://www.mailgun.com and create an account
|
||||
# 2. Add and verify your domain (e.g., bakery-ia.dev or bakewise.ai)
|
||||
# 3. Go to Domain Settings > SMTP credentials
|
||||
#
|
||||
# 2. Add and verify your domain:
|
||||
# - For dev: bakery-ia.dev
|
||||
# - For prod: bakewise.ai
|
||||
#
|
||||
# 3. Go to Domain Settings > SMTP credentials in Mailgun dashboard
|
||||
#
|
||||
# 4. Note your SMTP credentials:
|
||||
# - SMTP hostname: smtp.mailgun.org
|
||||
# - Port: 587 (TLS)
|
||||
# - Username: usually postmaster@yourdomain.com
|
||||
# - Password: your Mailgun SMTP password (NOT API key)
|
||||
# 5. Base64 encode your password:
|
||||
# - Port: 587 (TLS/STARTTLS)
|
||||
# - Username: typically postmaster@yourdomain.com
|
||||
# - Password: your Mailgun SMTP password (NOT the API key)
|
||||
#
|
||||
# 5. Base64 encode your credentials:
|
||||
# echo -n 'postmaster@bakewise.ai' | base64
|
||||
# echo -n 'your-mailgun-smtp-password' | base64
|
||||
# 6. Replace MAILGUN_SMTP_PASSWORD_BASE64 below with the encoded value
|
||||
#
|
||||
# 6. Replace the placeholder values below with your encoded credentials
|
||||
#
|
||||
# 7. Apply this secret:
|
||||
# kubectl apply -f mailgun-credentials-secret.yaml -n bakery-ia
|
||||
#
|
||||
# ============================================================================
|
||||
# IMPORTANT NOTES:
|
||||
# - Use the SMTP password from Mailgun, not the API key
|
||||
# - The username is typically postmaster@yourdomain.com
|
||||
# - For sandbox domains, Mailgun requires authorized recipients
|
||||
# - Production domains need DNS verification (SPF, DKIM, MX records)
|
||||
# ============================================================================
|
||||
#
|
||||
# - Use the SMTP password from Mailgun, NOT the API key
|
||||
# - The username format is: postmaster@yourdomain.com
|
||||
# - For sandbox domains, Mailgun requires adding authorized recipients
|
||||
# - Production domains need DNS verification (SPF, DKIM records)
|
||||
#
|
||||
# ============================================================================
|
||||
# DNS RECORDS REQUIRED FOR MAILGUN:
|
||||
# You will need to add these DNS records for your domain:
|
||||
# - SPF: TXT record for email authentication
|
||||
# - DKIM: TXT records for email signing (Mailgun provides these)
|
||||
# - MX: If you want to receive emails via Mailgun (optional for relay-only)
|
||||
# ============================================================================
|
||||
#
|
||||
# Add these DNS records to your domain for proper email delivery:
|
||||
#
|
||||
# 1. SPF Record (TXT):
|
||||
# Name: @
|
||||
# Value: v=spf1 include:mailgun.org ~all
|
||||
#
|
||||
# 2. DKIM Records (TXT):
|
||||
# Mailgun will provide two DKIM keys to add as TXT records
|
||||
# (check your Mailgun domain settings for exact values)
|
||||
#
|
||||
# 3. MX Records (optional, only if receiving via Mailgun):
|
||||
# Priority 10: mxa.mailgun.org
|
||||
# Priority 10: mxb.mailgun.org
|
||||
#
|
||||
# ============================================================================
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
@@ -39,39 +67,28 @@ metadata:
|
||||
labels:
|
||||
app: mailu
|
||||
component: external-relay
|
||||
annotations:
|
||||
description: "Mailgun SMTP credentials for Mailu external relay"
|
||||
type: Opaque
|
||||
data:
|
||||
# Base64 encoded Mailgun SMTP password
|
||||
# To encode: echo -n 'your-password' | base64
|
||||
# To decode: echo 'encoded-value' | base64 -d
|
||||
RELAY_PASSWORD: MAILGUN_SMTP_PASSWORD_BASE64
|
||||
---
|
||||
# Development environment secret (separate for different Mailgun domain)
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mailu-mailgun-credentials-dev
|
||||
namespace: bakery-ia
|
||||
labels:
|
||||
app: mailu
|
||||
component: external-relay
|
||||
environment: dev
|
||||
type: Opaque
|
||||
data:
|
||||
# Mailgun credentials for bakery-ia.dev domain
|
||||
RELAY_PASSWORD: MAILGUN_DEV_SMTP_PASSWORD_BASE64
|
||||
---
|
||||
# Production environment secret
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mailu-mailgun-credentials-prod
|
||||
namespace: bakery-ia
|
||||
labels:
|
||||
app: mailu
|
||||
component: external-relay
|
||||
environment: prod
|
||||
type: Opaque
|
||||
data:
|
||||
# Mailgun credentials for bakewise.ai domain
|
||||
RELAY_PASSWORD: MAILGUN_PROD_SMTP_PASSWORD_BASE64
|
||||
stringData:
|
||||
# ============================================================================
|
||||
# REPLACE THESE VALUES WITH YOUR MAILGUN CREDENTIALS
|
||||
# ============================================================================
|
||||
#
|
||||
# Option 1: Use stringData (plain text - Kubernetes will encode automatically)
|
||||
# This is easier for initial setup but shows credentials in the file
|
||||
#
|
||||
RELAY_USERNAME: "postmaster@sandboxc1bff891532b4f0c83056a68ae080b4c.mailgun.org"
|
||||
RELAY_PASSWORD: "2e47104abadad8eb820d00042ea6d5eb-77c6c375-89c7ea55"
|
||||
#
|
||||
# ============================================================================
|
||||
# ALTERNATIVE: Use pre-encoded values (more secure for version control)
|
||||
# ============================================================================
|
||||
# Comment out stringData above and uncomment data below:
|
||||
#
|
||||
# data:
|
||||
# # Base64 encoded values
|
||||
# # echo -n 'postmaster@bakewise.ai' | base64
|
||||
# RELAY_USERNAME: cG9zdG1hc3RlckBiYWtld2lzZS5haQ==
|
||||
# # echo -n 'your-password' | base64
|
||||
# RELAY_PASSWORD: WU9VUl9NQUlMR1VOX1NNVFBfUEFTU1dPUkQ=
|
||||
|
||||
@@ -0,0 +1,34 @@
|
||||
# Mailu Admin Credentials Secret
|
||||
# This secret stores the initial admin account password for Mailu
|
||||
#
|
||||
# The password is used by the Helm chart's initialAccount feature to create
|
||||
# the admin user automatically during deployment.
|
||||
#
|
||||
# IMPORTANT: Replace the base64-encoded password before applying!
|
||||
#
|
||||
# To generate a secure password and encode it:
|
||||
# PASSWORD=$(openssl rand -base64 16 | tr -d '/+=' | head -c 16)
|
||||
# echo -n "$PASSWORD" | base64
|
||||
#
|
||||
# To apply this secret:
|
||||
# kubectl apply -f mailu-admin-credentials-secret.yaml -n bakery-ia
|
||||
#
|
||||
# After deployment, you can log in to the Mailu admin panel at:
|
||||
# https://mail.<domain>/admin
|
||||
# Username: admin@<domain>
|
||||
# Password: <the password you set>
|
||||
#
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mailu-admin-credentials
|
||||
namespace: bakery-ia
|
||||
labels:
|
||||
app.kubernetes.io/name: mailu
|
||||
app.kubernetes.io/component: admin
|
||||
type: Opaque
|
||||
data:
|
||||
# Base64-encoded password
|
||||
# Example: "changeme123" = Y2hhbmdlbWUxMjM=
|
||||
# IMPORTANT: Replace with your own secure password!
|
||||
password: "Y2hhbmdlbWUxMjM="
|
||||
Reference in New Issue
Block a user