Skip to content

docs(proton-bridge): add interactive login workflow #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mgarratt merged 1 commit into from
Feb 14, 2026
Merged

docs(proton-bridge): add interactive login workflow #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 57 additions & 0 deletions charts/proton-bridge/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,63 @@

Deploys `ghcr.io/mgarratt/docker-images/proton-bridge` as a single-replica Helm release for in-cluster SMTP/IMAP access.

## Login Workflow

Proton Bridge can only run a single process against its state directory. To log in interactively, scale the main Deployment to `0`, run a temporary CLI pod with `BRIDGE_MODE=cli`, then scale back up.

This workflow expects `persistence.enabled=true` (default) so `/home/bridge` is backed by the chart PVC and login data persists.

```bash
NAMESPACE=default
RELEASE=proton-bridge
DEPLOYMENT="$(kubectl -n "$NAMESPACE" get deploy \
-l app.kubernetes.io/instance="$RELEASE",app.kubernetes.io/name=proton-bridge \
-o jsonpath='{.items[0].metadata.name}')"
IMAGE="$(kubectl -n "$NAMESPACE" get deploy "$DEPLOYMENT" -o jsonpath='{.spec.template.spec.containers[0].image}')"
SECRET_NAME="$(kubectl -n "$NAMESPACE" get deploy "$DEPLOYMENT" -o jsonpath='{.spec.template.spec.containers[0].envFrom[0].secretRef.name}')"
PVC_NAME="$(kubectl -n "$NAMESPACE" get deploy "$DEPLOYMENT" -o jsonpath='{.spec.template.spec.volumes[?(@.name=="bridge-data")].persistentVolumeClaim.claimName}')"

# stop the main bridge process
kubectl -n "$NAMESPACE" scale deploy/"$DEPLOYMENT" --replicas=0
kubectl -n "$NAMESPACE" rollout status deploy/"$DEPLOYMENT"

# start a temporary interactive bridge process in CLI mode
kubectl -n "$NAMESPACE" run "${RELEASE}-login" \
--rm -it --restart=Never \
--image "$IMAGE" \
--overrides "$(cat <<JSON
{
\"apiVersion\": \"v1\",
\"spec\": {
\"containers\": [
{
\"name\": \"proton-bridge\",
\"image\": \"$IMAGE\",
\"env\": [{\"name\":\"BRIDGE_MODE\",\"value\":\"cli\"}],
\"envFrom\": [{\"secretRef\":{\"name\":\"$SECRET_NAME\"}}],
\"stdin\": true,
\"tty\": true,
\"volumeMounts\": [{\"name\":\"bridge-data\",\"mountPath\":\"/home/bridge\"}]
}
],
\"volumes\": [
{
\"name\": \"bridge-data\",
\"persistentVolumeClaim\": {
\"claimName\": \"$PVC_NAME\"
}
}
]
}
}
JSON
)"

# after login and exit from the CLI pod, start normal service mode again
kubectl -n "$NAMESPACE" scale deploy/"$DEPLOYMENT" --replicas=1
kubectl -n "$NAMESPACE" rollout status deploy/"$DEPLOYMENT"
```

## Defaults

- Service type: `ClusterIP`
Expand Down
4 changes: 4 additions & 0 deletions charts/proton-bridge/templates/NOTES.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,7 @@

3. Optional test from inside cluster:
kubectl run -it --rm smtp-test --image=busybox:1.36 --restart=Never -- nc -vz {{ include "proton-bridge.fullname" . }} {{ .Values.service.smtp.port }}

4. Interactive login workflow (required for first auth):
Scale deployment to zero, run a temporary pod with BRIDGE_MODE=cli against the same PVC, then scale back up.
See charts/proton-bridge/README.md#login-workflow
Loading