Configure a new Email Signature Server in Kubernetes

About this article

In this article we will be using the provided Terraform scripts to configure and create the Kubernetes cluster and resources required to run the Email Signature Server.

The following resources will be created by the Terraform scripts:

  • Service principal: required for the Kubernetes cluster to access Azure resources.
  • Resource group: the Kubernetes cluster, Storage account, and Log analytics resources will be created here.
  • Node resource group: MC_<Original Resource Group Name>_<Kubernetes Cluster Name>_<Location>
  • Kubernetes cluster: required to host the email signature server component.
  • Log analytics: the performance of the Kubernetes cluster can be monitored from here.
  • Storage account: this is where the email signature generated from Templafy will be stored.

Prerequisites

 
  • Base default implementation Terraform scripts provided by Templafy.

  • Global Admin account in the Enterprise type Azure subscription. The account needs to have either the Owner role in the subscription or the Contributor role and the permissions to create service principals and assign roles.

    • While it's not necessary to execute the deployment, the account must be an RBAC Cluster Admin for monitoring purposes.

 

Installation steps from Azure Cloud Shell

 
  • These steps are based on the Bash version of Cloud Shell.
  1. Log in to the Azure portal.

  2. Start Cloud Shell.

  3. Verify subscription where the AKS cluster should reside:

    az account show

    • Set the default subscription to the one all resources should be created under, with the following command:
      az account set --subscription <subscription name or id>

  4. In Cloud Shell navigate to the clouddrive directory:
    cd clouddrive

  5. Create a new directory which will host the terraform files:
    mkdir terraform

  6. Change to this directory:
    cd terraform

  7. Download and extract the terraform-root.zip file:

    curl -O https://templafydownload.blob.core.windows.net/delivery/ESS/terraform-root.zip
    unzip terraform-root.zip
  8. Open the editor by executing the following command:
    code .

  9. Select the configuration file variables.tfvars and edit the variables based on your environment.

    • office365ApplicationId is the Application Id assigned in the app registration (Step 2. Configure access to mailboxes).

    • office365SmtpServerHostname can be retrieved from the Exchange admin portal by accessing https://admin.microsoft.com/AdminPortal/Home#/Domains and selecting the default domain. From there, select the DNS records tab to find the MX entry.

      • Alternatively, to find this setting, you can run nslookup -type=mx <your primary domain>
    • office365AuthenticationUrl is https://login.microsoftonline.com/<your Primary Domain or Tenant ID>

  10. Run the first set of terraform scripts:

    ./tf-run-azure-config.bat

    • To troubleshoot any errors that arise, follow the links specified by Microsoft in the error message.
      • Common issues include incorrect licensing, inadequate vCPU quota, and improper permissions.
  11. The output will display the public IP address on which the Email Signature Server is listening.

  12. Click the mxtoolbox_blacklist_ip_check URL in the output and verify that the IP address issued by Microsoft is not on any SMTP blacklist.

    • Use the Blacklist Check tool at Network Tools: DNS, IP, Email (mxtoolbox.com) with the cluster_public_ip address.
    • If the Microsoft-issued public IP address is on any of the blacklists, delete the public IP address with the commands below and re-run ./tf-run-azure-config.bat from step 10 before continuing. Repeat these steps until the output gives a cluster_public_ip that is not on any blacklist.
      1. source init.env
      2. az network public-ip delete --ids $ess_cluster_public_ip_resource_id

  13. Save this cluster_public_ip from the output for upcoming steps.

    • Update the SPF record for all email sending domains.

    • To ensure the Email Signature Server is identified as authorized to process mail for your domains, add the cluster_public_ip for your cluster to the DNS SPF record of each domain that may send emails through the Templafy Email Signature Server for processing.
    • To view a domain's current TXT records, including the SPF record, run: nslookup -type=txt <your primary domain>
    • Example (SPF Record): v=spf1 ip4:<public_ip_address> ...

  14. Source the init.env file to set the environment variables for your cluster that will be used by the rest of the commands:

    source init.env

  15. Since the cluster uses Azure RBAC, we need to go through an authentication process to gain access to the cluster.

    • Run the following command to authenticate:

      ./ess-get-credentials.bat

    • This will trigger an SSO Microsoft authentication process. Follow the instructions on screen; after successful authentication, the output will be the namespaces of the cluster. You now have a valid session with the cluster to run the next Terraform deployment.
  16. Run the second set of terraform scripts:

    ./tf-run-kubernetes-config.bat
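
Step 13 leaves the SPF update to a manual DNS edit. The following added example (not part of Templafy's scripts or of the original article) checks the ip4 terms of a TXT record against cluster_public_ip, honouring qualifiers, CIDR ranges and the stop at "all". The function names and the sample record (documentation address ranges) are assumptions, and include:, a and mx mechanisms are not resolved.

```shell
# Added example (not Templafy tooling): is cluster_public_ip authorized by
# an ip4 mechanism in an SPF record? include:, a and mx are not resolved.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip4_to_int() {
  case $1 in ''|*[!0-9.]*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in ''|????*|0?*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Status 0: the first ip4 term covering the address has a pass qualifier.
# Status 1: none covers it, or that term is -, ~ or ?. Status 2: bad input.
spf_authorizes_ip4() {
  ip_int=$(ip4_to_int "$2") || return 2
  case $1 in 'v=spf1 '*) ;; *) return 2 ;; esac
  result=1
  set -f                                  # no globbing while word-splitting
  for term in $1; do
    case $term in
      ip4:*|+ip4:*) pass=0 ;;
      [-~?]ip4:*)   pass=1 ;;
      all|[-~?+]all) break ;;             # terms after "all" are never reached
      *) continue ;;
    esac
    net=${term#*ip4:}; prefix=32
    case $net in */*) prefix=${net#*/}; net=${net%%/*} ;; esac
    case $prefix in ''|*[!0-9]*|0?*) continue ;; esac
    [ "$prefix" -le 32 ] || continue
    net_int=$(ip4_to_int "$net") || continue
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    if [ $(( ip_int & mask )) -eq $(( net_int & mask )) ]; then
      result=$pass; break                 # SPF stops at the first match
    fi
  done
  set +f
  return $result
}

# Constructed sample record using documentation address ranges.
SAMPLE_SPF='v=spf1 include:spf.protection.outlook.com ip4:203.0.113.10 ip4:198.51.100.0/24 -all'
for ip in 203.0.113.10 198.51.100.77 192.0.2.5; do
  if spf_authorizes_ip4 "$SAMPLE_SPF" "$ip"; then echo "$ip: authorized"
  else echo "$ip: NOT covered by an ip4 term"; fi
done
```

To check a live domain, pass the v=spf1 string returned by the nslookup -type=txt command from step 13 as the first argument and the cluster_public_ip as the second.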

Configure Standard Azure Load Balancer

  1. Run the command to set the load balancer configuration in the deployment to the cluster_public_ip:

    ./ess-set-standard-load-balancer.bat

Upload the secrets to the Kubernetes cluster

  • Upload the certificate files created earlier in Configure certificates to the Cloud Shell by clicking on the "Upload/Download files" icon.

  • Click the "Manage file share" link
  • Navigate to the terraform/ directory
  • Navigate to the certs/ directory
  • Click the [Upload] button and select the certificates from your local machine and upload them into the certs/ directory
  • Run the following command to upload the certificates to the secrets in the cluster:

    ./ess-upload-certs.bat

Activate the deployment replica set

  • Run the following command to activate the replica set and create the email-signature-server pods:

    ./ess-activate-replicas.bat

Show the generated Azure Blob storage Shared Access Signature URL

  1. Run the following command:

    ./ess-show-sas-url.bat

  2. Copy the Blob SAS URL and save it for use in Configure Templafy for Email Signature Server.