Adjusted SMTP

deploy/setup-smtp.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+# Session 6.4 — SMTP secret setup for PieCed Portal
+#
+# 1. Store SMTP credentials in OpenBao
+# 2. Apply the ExternalSecret
+# 3. Patch the portal deployment to mount the secret
+#
+# Prerequisites: bao CLI authenticated, kubectl context set
+
+set -e
+
+# ─── Step 1: Store SMTP creds in OpenBao ───────────────────────────────────────
+echo "==> Storing SMTP credentials in OpenBao..."
+bao kv put pieced/portal/smtp \
+  host="smtp.gmail.com" \
+  port="587" \
+  user="noreply@pieced.ch" \
+  password="REPLACE_WITH_APP_PASSWORD" \
+  from="PieCed <noreply@pieced.ch>" \
+  admin_email="admin@pieced.ch"
+
+echo "==> Verifying..."
+bao kv get pieced/portal/smtp
+
+# ─── Step 2: Apply ExternalSecret ──────────────────────────────────────────────
+echo "==> Applying ExternalSecret..."
+kubectl apply -f deploy/portal-smtp-externalsecret.yaml
+
+echo "==> Waiting for ExternalSecret to sync..."
+kubectl wait --for=condition=Ready externalsecret/portal-smtp -n pieced-system --timeout=60s
+
+echo "==> Verifying K8s secret created..."
+kubectl get secret portal-smtp -n pieced-system
+
+# ─── Step 3: Patch portal deployment to mount SMTP secret ──────────────────────
+echo "==> Patching portal deployment..."
+# Add envFrom entry for portal-smtp secret
+# If your deployment already uses a patch file, add this to the containers[0].envFrom array instead.
+kubectl patch deployment pieced-portal -n pieced-system --type=json -p='[
+  {
+    "op": "add",
+    "path": "/spec/template/spec/containers/0/envFrom/-",
+    "value": {
+      "secretRef": {
+        "name": "portal-smtp"
+      }
+    }
+  }
+]'
+
+echo "==> Restarting portal..."
+kubectl rollout restart deployment pieced-portal -n pieced-system
+kubectl rollout status deployment pieced-portal -n pieced-system
+
+echo "==> Done! SMTP credentials are now available to the portal."