Add new infra architecture 12

infrastructure/platform/mail/mailu-helm/scripts/deploy-mailu-prod.sh

@@ -7,8 +7,8 @@
 #   1. Unbound DNS deployment (for DNSSEC validation)
 #   2. CoreDNS configuration (forward to Unbound)
 #   3. TLS certificate secret creation
-#   4. Mailu Helm deployment
-#   5. Admin user creation
+#   4. Admin credentials secret creation
+#   5. Mailu Helm deployment (admin user created automatically via initialAccount)
 #
 # Usage:
 #   ./deploy-mailu-prod.sh [--domain DOMAIN] [--admin-password PASSWORD]
@@ -174,9 +174,35 @@ else
 fi
 
 # =============================================================================
-# Step 4: Deploy Mailu via Helm
+# Step 4: Create Admin Credentials Secret
 # =============================================================================
-print_step "Step 4: Deploying Mailu via Helm..."
+print_step "Step 4: Creating admin credentials secret..."
+
+if kubectl get secret mailu-admin-credentials -n "$NAMESPACE" &>/dev/null; then
+    print_success "Admin credentials secret already exists"
+    # Retrieve existing password for summary output
+    if [ -z "$ADMIN_PASSWORD" ]; then
+        ADMIN_PASSWORD=$(kubectl get secret mailu-admin-credentials -n "$NAMESPACE" -o jsonpath='{.data.password}' | base64 -d)
+    fi
+else
+    if [ -z "$ADMIN_PASSWORD" ]; then
+        # Generate a random password
+        ADMIN_PASSWORD=$(openssl rand -base64 16 | tr -d '/+=' | head -c 16)
+        echo -e "${YELLOW}Generated admin password: $ADMIN_PASSWORD${NC}"
+        echo -e "${YELLOW}Please save this password securely!${NC}"
+    fi
+
+    kubectl create secret generic mailu-admin-credentials \
+        --from-literal=password="$ADMIN_PASSWORD" \
+        -n "$NAMESPACE"
+
+    print_success "Admin credentials secret created"
+fi
+
+# =============================================================================
+# Step 5: Deploy Mailu via Helm
+# =============================================================================
+print_step "Step 5: Deploying Mailu via Helm..."
 
 # Add Mailu Helm repository
 helm repo add mailu https://mailu.github.io/helm-charts 2>/dev/null || true
@@ -189,12 +215,12 @@ helm upgrade --install mailu mailu/mailu \
     -f "$MAILU_HELM_DIR/prod/values.yaml" \
     --timeout 10m
 
-print_success "Mailu Helm release deployed"
+print_success "Mailu Helm release deployed (admin user will be created automatically)"
 
 # =============================================================================
-# Step 5: Wait for Pods to be Ready
+# Step 6: Wait for Pods to be Ready
 # =============================================================================
-print_step "Step 5: Waiting for Mailu pods to be ready..."
+print_step "Step 6: Waiting for Mailu pods to be ready..."
 
 echo "This may take 5-10 minutes (ClamAV takes time to initialize)..."
 
@@ -212,24 +238,7 @@ echo ""
 echo "Mailu Pod Status:"
 kubectl get pods -n "$NAMESPACE" | grep mailu
 
-# =============================================================================
-# Step 6: Create Admin User
-# =============================================================================
-print_step "Step 6: Creating admin user..."
-
-if [ -z "$ADMIN_PASSWORD" ]; then
-    # Generate a random password
-    ADMIN_PASSWORD=$(openssl rand -base64 16 | tr -d '/+=' | head -c 16)
-    echo -e "${YELLOW}Generated admin password: $ADMIN_PASSWORD${NC}"
-    echo -e "${YELLOW}Please save this password securely!${NC}"
-fi
-
-kubectl exec -n "$NAMESPACE" deployment/mailu-admin -- \
-    flask mailu admin admin "$DOMAIN" "$ADMIN_PASSWORD" 2>/dev/null || {
-    print_warning "Admin user may already exist or failed to create"
-}
-
-print_success "Admin user configured"
+print_success "Admin user created automatically via Helm initialAccount"
 
 # =============================================================================
 # Summary