Add new infra architecture 3

2026-01-19 13:57:50 +01:00
parent 8461226a97
commit 9edcc8c231
110 changed files with 2568 additions and 4636 deletions
--- a/infrastructure/monitoring/signoz/README.md
+++ b/infrastructure/monitoring/signoz/README.md
@@ -349,19 +349,19 @@ podDisruptionBudget:
 ## Monitoring and Alerting

 ### Email Alerts (Production)
-Configure SMTP in production values (using Mailu with Mailgun relay):
+Configure SMTP in production values (using Mailu Helm with Mailgun relay):
 ```yaml
 signoz:
  env:
    signoz_smtp_enabled: "true"
-    signoz_smtp_host: "mailu-smtp.bakery-ia.svc.cluster.local"
+    signoz_smtp_host: "mailu-postfix.bakery-ia.svc.cluster.local"
    signoz_smtp_port: "587"
    signoz_smtp_from: "alerts@bakewise.ai"
    signoz_smtp_username: "alerts@bakewise.ai"
    # Set via secret: signoz_smtp_password
 ```

-**Note**: Signoz now uses the internal Mailu SMTP service, which relays to Mailgun for better deliverability and centralized email management.
+**Note**: Signoz now uses the internal Mailu SMTP service (deployed via Helm), which relays to Mailgun for better deliverability and centralized email management.

 ### Slack Alerts (Production)
 Configure webhook in Alertmanager:
@@ -392,35 +392,32 @@ Signoz Alertmanager → Mailu SMTP → Mailgun Relay → Recipients

 **Configuration Requirements:**

-1. **Mailu Configuration** (`infrastructure/platform/mail/mailu/mailu-configmap.yaml`):
+1. **Mailu Configuration** (deployed via Helm at `infrastructure/platform/mail/mailu-helm/`):
   ```yaml
-   RELAYHOST: "smtp.mailgun.org:587"
-   RELAY_LOGIN: "postmaster@bakewise.ai"
+   externalRelay:
+     host: "[smtp.mailgun.org]:587"
+     username: "postmaster@bakewise.ai"
+     password: "<mailgun-api-key>"
   ```

-2. **Mailu Secrets** (`infrastructure/platform/mail/mailu/mailu-secrets.yaml`):
-   ```yaml
-   RELAY_PASSWORD: "<mailgun-api-key>"  # Base64 encoded Mailgun API key
-   ```
-
-3. **DNS Configuration** (required for Mailgun):
+2. **DNS Configuration** (required for Mailgun):
   ```
   # MX record
   bakewise.ai.    IN MX    10 mail.bakewise.ai.
-   
+
   # SPF record (authorize Mailgun)
   bakewise.ai.    IN TXT   "v=spf1 include:mailgun.org ~all"
-   
+
   # DKIM record (provided by Mailgun)
   m1._domainkey.bakewise.ai. IN TXT "v=DKIM1; k=rsa; p=<mailgun-public-key>"
-   
+
   # DMARC record
   _dmarc.bakewise.ai. IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@bakewise.ai"
   ```

-4. **Signoz SMTP Configuration** (already configured in `signoz-values-prod.yaml`):
+3. **Signoz SMTP Configuration** (already configured in `signoz-values-prod.yaml`):
   ```yaml
-   signoz_smtp_host: "mailu-smtp.bakery-ia.svc.cluster.local"
+   signoz_smtp_host: "mailu-postfix.bakery-ia.svc.cluster.local"
   signoz_smtp_port: "587"
   signoz_smtp_from: "alerts@bakewise.ai"
   ```
@@ -428,14 +425,14 @@ Signoz Alertmanager → Mailu SMTP → Mailgun Relay → Recipients
 **Testing the Integration:**

 1. Trigger a test alert from Signoz UI
-2. Check Mailu logs: `kubectl logs -f mailu-smtp-<pod-id> -n bakery-ia`
+2. Check Mailu logs: `kubectl logs -f -n bakery-ia deployment/mailu-postfix`
 3. Check Mailgun dashboard for delivery status
 4. Verify email receipt in destination inbox

 **Troubleshooting:**

 - **SMTP Authentication Failed**: Verify Mailu credentials and Mailgun API key
- **Email Delivery Delays**: Check Mailu queue with `kubectl exec -it mailu-smtp-<pod-id> -n bakery-ia -- mailq`
+- **Email Delivery Delays**: Check Mailu queue with `kubectl exec -it -n bakery-ia deployment/mailu-postfix -- mailq`
 - **SPF/DKIM Issues**: Verify DNS records and Mailgun domain verification

 ### Self-Monitoring
--- a/infrastructure/monitoring/signoz/signoz-values-prod.yaml
+++ b/infrastructure/monitoring/signoz/signoz-values-prod.yaml
@@ -73,7 +73,7 @@ signoz:
    # signoz_opamp_server_endpoint: "0.0.0.0:4320"
    # SMTP configuration for email alerts - now using Mailu as SMTP server
    signoz_smtp_enabled: "true"
-    signoz_smtp_host: "email-smtp.bakery-ia.svc.cluster.local"
+    signoz_smtp_host: "mailu-postfix.bakery-ia.svc.cluster.local"
    signoz_smtp_port: "587"
    signoz_smtp_from: "alerts@bakewise.ai"
    signoz_smtp_username: "alerts@bakewise.ai"
@@ -136,7 +136,7 @@ alertmanager:
  config:
    global:
      resolve_timeout: 5m
-      smtp_smarthost: 'email-smtp.bakery-ia.svc.cluster.local:587'
+      smtp_smarthost: 'mailu-postfix.bakery-ia.svc.cluster.local:587'
      smtp_from: 'alerts@bakewise.ai'
      smtp_auth_username: 'alerts@bakewise.ai'
      smtp_auth_password: '${SMTP_PASSWORD}'