Fix resources isues 8

infrastructure/platform/mail/mailu-helm/README.md

@@ -23,7 +23,7 @@ mailu-helm/
 The following critical configurations from the original Kustomize setup have been preserved:
 
 - **Domain settings**: Domain and hostnames for both dev and prod
-- **External relay**: Mailgun SMTP relay configuration
+- **External relay**: MailerSend SMTP relay configuration
 - **Redis integration**: Connection to shared Redis cluster (database 15)
 - **Database settings**: PostgreSQL connection details
 - **Resource limits**: CPU and memory requests/limits matching original setup
@@ -39,7 +39,7 @@ The following critical configurations from the original Kustomize setup have bee
 2. Kubernetes cluster with storage provisioner
 3. Ingress controller (NGINX) - already deployed in your cluster
 4. Cert-manager for TLS certificates (optional, depends on your ingress setup)
-5. External SMTP relay account (Mailgun)
+5. External SMTP relay account (MailerSend - https://mailersend.com)
 
 ### Deployment Commands
 

infrastructure/platform/mail/mailu-helm/configs/mailersend-credentials-secret.yaml

@@ -0,0 +1,104 @@
+# MailerSend SMTP Credentials Secret for Mailu
+#
+# This secret stores MailerSend credentials for outbound email relay.
+# Mailu uses MailerSend as an external SMTP relay to send all outbound emails.
+#
+# ============================================================================
+# HOW TO CONFIGURE:
+# ============================================================================
+#
+# 1. Go to https://accounts.mailersend.com/signup and create an account
+#
+# 2. Add and verify your domain:
+#    - For dev: bakery-ia.dev
+#    - For prod: bakewise.ai
+#    - Go to Email -> Domains -> Add domain
+#    - Follow the DNS verification steps (add TXT records)
+#
+# 3. Generate SMTP credentials:
+#    - Go to Email -> Domains -> Click on your domain
+#    - Go to SMTP section
+#    - Click "Generate new user"
+#    - Save the generated username and password
+#
+# 4. Note your SMTP credentials:
+#    - SMTP hostname: smtp.mailersend.net
+#    - Port: 587 (TLS/STARTTLS)
+#    - Username: generated by MailerSend (e.g., MS_xxxxxx@trial-xxxxx.mlsender.net)
+#    - Password: generated SMTP password
+#
+# 5. Replace the placeholder values below with your credentials
+#
+# 6. Apply this secret:
+#    kubectl apply -f mailersend-credentials-secret.yaml -n bakery-ia
+#
+# ============================================================================
+# IMPORTANT NOTES:
+# ============================================================================
+#
+# - MailerSend requires TLS 1.2 or higher (supported by default)
+# - SMTP credentials are account-wide (work for any verified domain)
+# - Free tier: 3,000 emails/month (12,000 with verified domain)
+# - Rate limit: 120 requests/minute
+#
+# ============================================================================
+# DNS RECORDS REQUIRED FOR MAILERSEND:
+# ============================================================================
+#
+# Add these DNS records to your domain (Cloudflare) for proper email delivery:
+#
+# 1. SPF Record (TXT):
+#    Name: @
+#    Value: v=spf1 include:mailersend.net ~all
+#
+# 2. DKIM Records (TXT):
+#    MailerSend will provide DKIM keys after domain verification
+#    Typically: mlsend._domainkey and mlsend2._domainkey
+#    (check your MailerSend domain settings for exact values)
+#
+# 3. DMARC Record (TXT):
+#    Name: _dmarc
+#    Value: v=DMARC1; p=quarantine; rua=mailto:admin@bakewise.ai
+#
+# 4. MX Records (for receiving mail via Mailu):
+#    Priority 10: mail.bakewise.ai
+#
+# 5. A Record:
+#    Name: mail
+#    Value: <your-server-public-IP>
+#
+# ============================================================================
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mailu-mailersend-credentials
+  namespace: bakery-ia
+  labels:
+    app: mailu
+    component: external-relay
+  annotations:
+    description: "MailerSend SMTP credentials for Mailu external relay"
+type: Opaque
+stringData:
+  # ============================================================================
+  # REPLACE THESE VALUES WITH YOUR MAILERSEND CREDENTIALS
+  # ============================================================================
+  #
+  # Option 1: Use stringData (plain text - Kubernetes will encode automatically)
+  # This is easier for initial setup but shows credentials in the file
+  #
+  RELAY_USERNAME: "MS_d34ZtW@bakewise.ai"
+  RELAY_PASSWORD: "mssp.Z6GRHQ8.zr6ke4nvq6egon12.IDyvEi7"
+  #
+  # ============================================================================
+  # ALTERNATIVE: Use pre-encoded values (more secure for version control)
+  # ============================================================================
+  # Comment out stringData above and uncomment data below:
+  #
+  # data:
+  #   # Base64 encoded values
+  #   # echo -n 'your-mailersend-username' | base64
+  #   RELAY_USERNAME: WU9VUl9NQUlMRVJTRU5EX1NNVFBfVVNFUk5BTUU=
+  #   # echo -n 'your-mailersend-password' | base64
+  #   RELAY_PASSWORD: WU9VUl9NQUlMRVJTRU5EX1NNVFBfUEFTU1dPUkQ=

infrastructure/platform/mail/mailu-helm/configs/mailgun-credentials-secret.yaml

@@ -1,94 +0,0 @@
-# Mailgun SMTP Credentials Secret for Mailu
-#
-# This secret stores Mailgun credentials for outbound email relay.
-# Mailu uses Mailgun as an external SMTP relay to send all outbound emails.
-#
-# ============================================================================
-# HOW TO CONFIGURE:
-# ============================================================================
-#
-# 1. Go to https://www.mailgun.com and create an account
-#
-# 2. Add and verify your domain:
-#    - For dev: bakery-ia.dev
-#    - For prod: bakewise.ai
-#
-# 3. Go to Domain Settings > SMTP credentials in Mailgun dashboard
-#
-# 4. Note your SMTP credentials:
-#    - SMTP hostname: smtp.mailgun.org
-#    - Port: 587 (TLS/STARTTLS)
-#    - Username: typically postmaster@yourdomain.com
-#    - Password: your Mailgun SMTP password (NOT the API key)
-#
-# 5. Base64 encode your credentials:
-#    echo -n 'postmaster@bakewise.ai' | base64
-#    echo -n 'your-mailgun-smtp-password' | base64
-#
-# 6. Replace the placeholder values below with your encoded credentials
-#
-# 7. Apply this secret:
-#    kubectl apply -f mailgun-credentials-secret.yaml -n bakery-ia
-#
-# ============================================================================
-# IMPORTANT NOTES:
-# ============================================================================
-#
-# - Use the SMTP password from Mailgun, NOT the API key
-# - The username format is: postmaster@yourdomain.com
-# - For sandbox domains, Mailgun requires adding authorized recipients
-# - Production domains need DNS verification (SPF, DKIM records)
-#
-# ============================================================================
-# DNS RECORDS REQUIRED FOR MAILGUN:
-# ============================================================================
-#
-# Add these DNS records to your domain for proper email delivery:
-#
-# 1. SPF Record (TXT):
-#    Name: @
-#    Value: v=spf1 include:mailgun.org ~all
-#
-# 2. DKIM Records (TXT):
-#    Mailgun will provide two DKIM keys to add as TXT records
-#    (check your Mailgun domain settings for exact values)
-#
-# 3. MX Records (optional, only if receiving via Mailgun):
-#    Priority 10: mxa.mailgun.org
-#    Priority 10: mxb.mailgun.org
-#
-# ============================================================================
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: mailu-mailgun-credentials
-  namespace: bakery-ia
-  labels:
-    app: mailu
-    component: external-relay
-  annotations:
-    description: "Mailgun SMTP credentials for Mailu external relay"
-type: Opaque
-stringData:
-  # ============================================================================
-  # REPLACE THESE VALUES WITH YOUR MAILGUN CREDENTIALS
-  # ============================================================================
-  #
-  # Option 1: Use stringData (plain text - Kubernetes will encode automatically)
-  # This is easier for initial setup but shows credentials in the file
-  #
-  RELAY_USERNAME: "postmaster@sandboxc1bff891532b4f0c83056a68ae080b4c.mailgun.org"
-  RELAY_PASSWORD: "2e47104abadad8eb820d00042ea6d5eb-77c6c375-89c7ea55"
-  #
-  # ============================================================================
-  # ALTERNATIVE: Use pre-encoded values (more secure for version control)
-  # ============================================================================
-  # Comment out stringData above and uncomment data below:
-  #
-  # data:
-  #   # Base64 encoded values
-  #   # echo -n 'postmaster@bakewise.ai' | base64
-  #   RELAY_USERNAME: cG9zdG1hc3RlckBiYWtld2lzZS5haQ==
-  #   # echo -n 'your-password' | base64
-  #   RELAY_PASSWORD: WU9VUl9NQUlMR1VOX1NNVFBfUEFTU1dPUkQ=

infrastructure/platform/mail/mailu-helm/scripts/deploy-mailu-prod.sh

@@ -274,9 +274,22 @@ echo "  CoreDNS is configured with DNS-over-TLS (Cloudflare) for DNSSEC validati
 echo "  CoreDNS IP: $COREDNS_IP"
 echo ""
 echo "Next Steps:"
-echo "  1. Configure DNS records (A, MX, SPF, DMARC)"
-echo "  2. Get DKIM key: kubectl exec -n $NAMESPACE deployment/mailu-admin -- cat /dkim/$DOMAIN.dkim.pub"
-echo "  3. Add DKIM TXT record to DNS"
+echo "  1. Configure MailerSend:"
+echo "     - Sign up at https://accounts.mailersend.com/signup"
+echo "     - Add domain '$DOMAIN' and verify DNS records"
+echo "     - Generate SMTP credentials (Email -> Domains -> SMTP)"
+echo "     - Update secret: kubectl edit secret mailu-mailersend-credentials -n $NAMESPACE"
+echo ""
+echo "  2. Configure DNS records in Cloudflare for '$DOMAIN':"
+echo "     - A record: mail -> <your-server-IP>"
+echo "     - MX record: @ -> mail.$DOMAIN (priority 10)"
+echo "     - TXT (SPF): @ -> v=spf1 include:mailersend.net ~all"
+echo "     - TXT (DKIM): mlsend._domainkey -> <from MailerSend dashboard>"
+echo "     - TXT (DMARC): _dmarc -> v=DMARC1; p=quarantine; rua=mailto:admin@$DOMAIN"
+echo ""
+echo "  3. Get Mailu DKIM key (for direct sending):"
+echo "     kubectl exec -n $NAMESPACE deployment/mailu-admin -- cat /dkim/$DOMAIN.dkim.pub"
+echo ""
 echo "  4. Configure Ingress for mail.$DOMAIN"
 echo ""
 echo "To check pod status:"

infrastructure/platform/mail/mailu-helm/values.yaml

@@ -50,13 +50,14 @@ limits:
   messageRatelimit:
     value: "200/day"
 
-# External relay configuration (Mailgun)
-# Mailu will relay all outbound emails through Mailgun SMTP
+# External relay configuration (MailerSend)
+# Mailu will relay all outbound emails through MailerSend SMTP
 # Credentials are loaded from Kubernetes secret for security
+# MailerSend requires TLS 1.2+ (supported by default on port 587)
 externalRelay:
-  host: "[smtp.mailgun.org]:587"
+  host: "[smtp.mailersend.net]:587"
   # Use existing secret for credentials (recommended for security)
-  secretName: "mailu-mailgun-credentials"
+  secretName: "mailu-mailersend-credentials"
   usernameKey: "RELAY_USERNAME"
   passwordKey: "RELAY_PASSWORD"