About this article
In this article we will be using the provided Terraform scripts to configure and create the Kubernetes cluster and resources required to run the Email Signature Server.
- Installation steps from Azure Cloud Shell
- Configure Standard Azure Load Balancer
- Upload the secrets to the Kubernetes cluster
- Activate the deployment replica set
- Show the generated Azure Blob storage Shared Access Signature URL
The following resources will be created by the Terraform scripts:
- Service principal, this is required for the Kubernetes cluster to access the Azure resources.
- Resource group, the Kubernetes cluster, Storage account, and Log analytics resources will be created here.
- Node resource group, MC_<Original Resource Group Name>_<Kubernetes Cluster Name>_<Location>
- Kubernetes cluster, this is required to host the email signature server component.
- Log analytics, from here the performance of the Kubernetes cluster can be monitored.
- Storage account, this is where the email signature generated from Templafy will be stored.
Prerequisites
Installation steps from Azure Cloud Shell
- Log in to Azure portal.
- Start Cloud Shell
- The first time you are using Cloud Shell you need to create a storage account for Cloud Shell. It is used to persist files.
- When prompted to choose Bash or PowerShell, choose Bash.
Read more here: https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart
- Verify subscription where the AKS cluster should reside:
az account show
- Set the default subscription to the one all resources should be created under, with the following command:
az account set --subscription <subscription name or id>
- In Cloud Shell navigate to the clouddrive directory:
cd clouddrive
- Create a new directory which will host the Terraform files:
mkdir terraform
- Change to this directory:
cd terraform
- Download and extract the terraform-root.zip file:
curl https://templafydownload.blob.core.windows.net/delivery/ESS/terraform-root.zip > terraform-root.zip
unzip terraform-root.zip
- Open the editor by executing the following command:
code .
- Select the configuration file variables.tfvars and edit the variables based on your environment.
- Remember to save the file before moving on to the next step. (Ctrl-S)
- Check global availability of storage account name
- office365ApplicationId is the Application Id assigned in the app registration (Step 2. Configure access to mailboxes)
- office365SmtpServerHostname can be retrieved from the Exchange admin portal, by accessing https://admin.microsoft.com/AdminPortal/Home#/Domains and selecting the default domain. From here you can select the DNS records tab to find the MX entry.
- Alternatively, to find this setting, you can run
nslookup -type=mx <your primary domain>
- office365AuthenticationUrl is https://login.microsoftonline.com/<your Primary Domain or Tenant ID>
- Run the first set of terraform scripts:
./tf-run-azure-config.bat
- The output result will display the public IP on which the email signature server is listening.
Save the value of the cluster_public_ip from the output for the next steps.
- Update the SPF record for all email sending domains.
- To ensure the Email Signature Server is identified as authorized to process mail for your domains, it is important to add the public IP address for your cluster to the DNS SPF record for each domain that may be sending emails through the Templafy Email Signature Server for processing.
nslookup -type=txt <your primary domain>
- Example (SPF Record):
v=spf1 ip4:<public_ip_address> ...
- Source the init.env file to set the environment variables for your cluster that will be used by the rest of the commands:
source init.env
- Since the cluster uses Azure AD RBAC we need to go through an authentication process to gain access to the cluster.
- Run the following command to authenticate:
./ess-get-credentials.bat
- This will trigger an SSO Microsoft authentication process. Follow the instructions on screen; after successful authentication the output will be the namespaces of the cluster. Now you have a valid session with the cluster to run the next Terraform deployment.
- Run the second set of terraform scripts:
./tf-run-kubernetes-config.bat
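For the SPF step above, the following check is an added example (not part of the Templafy scripts) that tests whether an SPF record authorizes the cluster public IP through an ip4 mechanism, including CIDR ranges. The function names, the sample record and the addresses are constructed for illustration; include:, a, mx and redirect= terms are not resolved.

```shell
#!/bin/sh
# Added example: does an SPF record authorize an IPv4 address via ip4?
# Only ip4 / +ip4 terms count as a pass; include:, a, mx are NOT resolved.

ip_to_int() {
    # Dotted quad -> 32-bit integer; returns 1 on malformed input.
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

spf_authorizes_ip() {
    # $1 = SPF record text, $2 = IPv4 address.
    # Returns 0 = covered, 1 = not covered, 2 = invalid input.
    record=$1
    target=$(ip_to_int "$2") || return 2
    case $record in "v=spf1"|"v=spf1 "*) ;; *) return 2 ;; esac
    for term in $record; do
        case $term in
            ip4:*|+ip4:*) net=${term#*ip4:} ;;
            *) continue ;;            # -ip4 / ~ip4 and other terms never pass
        esac
        prefix=32
        case $net in */*) prefix=${net#*/}; net=${net%%/*} ;; esac
        case $prefix in ''|*[!0-9]*) continue ;; esac
        [ "$prefix" -le 32 ] || continue
        base=$(ip_to_int "$net") || continue
        mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
        [ $(( base & mask )) -eq $(( target & mask )) ] && return 0
    done
    return 1
}

# Constructed sample record; addresses are documentation ranges (RFC 5737).
SAMPLE_SPF='v=spf1 include:spf.protection.outlook.com ip4:203.0.113.10 ip4:198.51.100.0/24 -all'
for ip in 203.0.113.10 198.51.100.77 203.0.113.11; do
    if spf_authorizes_ip "$SAMPLE_SPF" "$ip"; then echo "$ip: covered by ip4"
    else echo "$ip: NOT covered by ip4"; fi
done
```

To check a live domain, pass the v=spf1 string returned by nslookup -type=txt as the first argument and the saved cluster_public_ip as the second.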
Configure Standard Azure Load Balancer
- Run the command to set the load balancer configuration in the deployment to the cluster_public_ip:
./ess-set-standard-load-balancer.bat
Upload the secrets to the Kubernetes cluster
- Upload the certificate files created earlier in Configure certificates to the Cloud Shell by clicking on the "Upload/Download files" icon.
- Click the "Manage file share" link
- Navigate to the terraform/ directory
- Navigate to the certs/ directory
- Click the [Upload] button and select the certificates from your local machine and upload them into the certs/ directory
- Run the following commands to upload the certificates to the secrets in the cluster:
./ess-upload-certs.bat
Activate the deployment replica set
- Run the following command to activate the replica set and create the email-signature-server pods:
./ess-activate-replicas.bat
Show the generated Azure Blob storage Shared Access Signature URL
./ess-show-sas-url.bat
- Copy the Blob SAS URL and save it for use in Configure Templafy for Email Signature Server