About this article
In this article we will be using the provided Terraform scripts to configure and create the Kubernetes cluster and resources required to run the Email Signature Server.
- Installation steps from Azure Cloud Shell
- Configure Standard Azure Load Balancer
- Upload the secrets to the Kubernetes cluster
- Activate the deployment replica set
- Show the generated Azure Blob storage Shared Access Signature URL
The following resources will be created by the Terraform scripts:
- Service principal, this is required for the Kubernetes cluster to access the Azure resources.
- Resource group, the Kubernetes cluster, Storage account, and Log analytics resources will be created here.
- Node resource group, MC_<Original Resource Group Name>_<Kubernetes Cluster Name>_<Location>
- Kubernetes cluster, this is required to host the email signature server component.
- Log analytics, from here the performance of the Kubernetes cluster can be monitored.
- Storage account, this is where the email signature generated from Templafy will be stored.
Prerequisites
Installation steps from Azure Cloud Shell
- Log in to Azure portal.
- Start Cloud Shell.
- The first time you use Cloud Shell, you need to create a storage account for Cloud Shell. It is used to persist files.
- When prompted to choose Bash or PowerShell, choose Bash.
Read more here: https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart
- Verify subscription where the AKS cluster should reside:
az account show
- Set the default subscription to the one all resources should be created under, with the following command:
az account set --subscription <subscription name or id>
- In Cloud Shell navigate to the clouddrive directory:
cd clouddrive
- Create a new directory which will host the terraform files:
mkdir terraform
- Change to this directory:
cd terraform
- Download and extract the terraform-root.zip file:
curl -O https://templafydownload.blob.core.windows.net/delivery/ESS/terraform-root.zip
unzip terraform-root.zip
- Open the editor by executing the following command:
code .
- Select the configuration file variables.tfvars and edit the variables based on your environment.
- Remember to save the file before moving on to the next step (Ctrl-S).
- Check global availability of storage account name.
- office365ApplicationId is the Application Id assigned in the app registration (Step 2. Configure access to mailboxes).
- office365SmtpServerHostname can be retrieved from the Exchange admin portal, by accessing https://admin.microsoft.com/AdminPortal/Home#/Domains and selecting the default domain. From here you can select the DNS records tab to find the MX entry.
- Alternatively, to find this setting, you can run
nslookup -type=mx <your primary domain>
- office365AuthenticationUrl is https://login.microsoftonline.com/<your Primary Domain or Tenant ID>
- Run the first set of terraform scripts:
./tf-run-azure-config.bat
- In order to troubleshoot any errors that arise, please follow the links specified by Microsoft in the error message.
- Common issues include incorrect licensing, inadequate vCPU quota, and improper permissions.
- The output result will display the public IP on which the email signature server is listening.
- Click the mxtoolbox_blacklist_ip_check URL in the output result and verify the IP address issued by Microsoft is not on any SMTP blacklist.
- Using the Blacklist Check tool with the cluster_public_ip address at Network Tools: DNS, IP, Email (mxtoolbox.com)
- If you find the Microsoft issued public IP address is on any of the blacklists, before continuing, you will need to delete the public IP address and re-run ./tf-run-azure-config.bat from step 10, repeating these steps until the output gives a cluster_public_ip that is not on any blacklists.
source init.env
az network public-ip delete --ids $ess_cluster_public_ip_resource_id
- Save this cluster_public_ip from the output for upcoming steps.
- Update the SPF record for all email sending domains.
- To ensure the Email Signature Server is identified as authorized to process mail for your domains, it is important to add the cluster_public_ip for your cluster to the DNS SPF record for each domain that may be sending emails through the Templafy Email Signature Server for processing.
nslookup -type=txt <your primary domain>
- Example (SPF Record):
v=spf1 ip4:<public_ip_address> ...
- Source the init.env file to set the environment variables for your cluster that will be used by the rest of the commands:
source init.env
- Since the cluster uses Azure RBAC we need to go through an authentication process to gain access to the cluster.
- Run the following command to authenticate:
./ess-get-credentials.bat
- This will trigger an SSO Microsoft authentication process. Follow the instructions on screen and after successful authentication the output will be the namespaces of the cluster. Now you have a valid session with the cluster to run the next terraform deployment.
- Run the second set of terraform scripts:
./tf-run-kubernetes-config.bat
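For the SPF step above, the TXT record returned by nslookup can be checked against the saved cluster_public_ip before mail is routed through the server. The Bash functions below are an added example, not one of Templafy's scripts: the function names and sample records are constructed for illustration, and only ip4 mechanisms are evaluated (include:, a and mx would need further DNS lookups).

```bash
# Added example (not one of Templafy's scripts); sample records are constructed.

# Print a dotted-quad IPv4 address as a 32-bit integer; non-zero if malformed.
ip4_to_int() {
  case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit status: 0 = an ip4 mechanism passes the address, 1 = not authorized by
# any ip4 mechanism, 2 = input is not an SPF record or not an IPv4 address.
# include:, a and mx mechanisms need DNS lookups and are not evaluated here.
spf_authorizes_ip4() (
  set -f                                   # "?all" must not glob-expand
  target=$(ip4_to_int "$2") || exit 2
  case "$1" in "v=spf1"|"v=spf1 "*) ;; *) exit 2 ;; esac
  for term in $1; do
    case "$term" in
      ip4:*)       qual=+; net=${term#ip4:} ;;
      [+?~-]ip4:*) qual=${term%%ip4:*}; net=${term#?ip4:} ;;
      *) continue ;;
    esac
    case "$net" in
      */*) bits=${net#*/}; net=${net%%/*} ;;
      *)   bits=32 ;;
    esac
    case "$bits" in ""|*[!0-9]*|0?*|???*) continue ;; esac
    [ "$bits" -le 32 ] || continue
    base=$(ip4_to_int "$net") || continue
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    if [ $(( base & mask )) -eq $(( target & mask )) ]; then
      # First matching mechanism decides, as in SPF evaluation order.
      [ "$qual" = + ] && exit 0
      exit 1
    fi
  done
  exit 1
)

# Demo with a constructed record (203.0.113.10 stands in for cluster_public_ip).
record='v=spf1 ip4:203.0.113.10 include:spf.protection.outlook.com -all'
if spf_authorizes_ip4 "$record" 203.0.113.10; then echo "SPF lists the IP"; fi
```

A result of 1 only means no ip4 mechanism covers the address; a domain that authorizes the IP through an include: would still need that included record checked.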
Configure Standard Azure Load Balancer
- Run the command to set the load balancer configuration in the deployment to the cluster_public_ip:
./ess-set-standard-load-balancer.bat
Upload the secrets to the Kubernetes cluster
- Upload the certificate files created earlier in Configure certificates to the Cloud Shell by clicking on the "Upload/Download files" icon.
- Click the "Manage file share" link
- Navigate to the terraform/ directory
- Navigate to the certs/ directory
- Click the [Upload] button and select the certificates from your local machine and upload them into the certs/ directory
- Run the following commands to upload the certificates to the secrets in the cluster:
./ess-upload-certs.bat
Activate the deployment replica set
- Run the following command to activate the replica set and create the email-signature-server pods:
./ess-activate-replicas.bat
Show the generated Azure Blob storage Shared Access Signature URL
./ess-show-sas-url.bat
- Copy the Blob SAS URL and save it for use in Configure Templafy for Email Signature Server