docker
/
docker-mailserver
mirror of https://github.com/tomav/docker-mailserver.git
1
0
Fork 0
Code Issues Releases Wiki Activity

docs(chore): Shift pro/con lists to top of each tab 

Additionally make them collapsible but expanded by default (`???+`)
This commit is contained in:
polarathene 2024-03-10 21:34:51 +13:00
parent 6b868539c2
commit 01acb9d021
1 changed files with 28 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
docs/content/config/advanced/kubernetes.md
View File

@ -348,6 +348,13 @@ The major problem with exposing DMS to the outside world in Kubernetes is to [pr
=== "Load-Balancer + Public IP"
???+ abstract "Advantages / Disadvantages"
- [x] Simple
- [ ] Requires the node to have a dedicated, publicly routable IP address
- [ ] Limited to a single node (_associated to the dedicated IP address_)
- [ ] Requires configuring a load balancer
**General**
!!! info
@ -401,14 +408,14 @@ The major problem with exposing DMS to the outside world in Kubernetes is to [pr
ipAddressPools: [ mailserver ]
```
!!! abstract "Advantages / Disadvantages"
=== "External-IP Service"
???+ abstract "Advantages / Disadvantages"
- [x] Simple
- [ ] Requires the node to have a dedicated, publicly routable IP address
- [ ] Limited to a single node (_associated to the dedicated IP address_)
- [ ] Requires configuring a load balancer
=== "External-IP Service"
- [ ] Requires manually setting the IP
**General**
@ -448,21 +455,20 @@ The major problem with exposing DMS to the outside world in Kubernetes is to [pr
- 10.20.30.40
```
!!! abstract "Advantages / Disadvantages"
=== "Host network"
???+ abstract "Advantages / Disadvantages"
- [x] Simple
- [ ] Requires the node to have a dedicated, publicly routable IP address
- [ ] Limited to a single node (_associated to the dedicated IP address_)
- [ ] Requires manually setting the IP
=== "Host network"
- [ ] It is not possible to access DMS via other cluster nodes, only via the node that DMS was deployed on
- [ ] Every port within the container is exposed on the host side
**General**
Using `hostPort` and `hostNetwork: true` is a similar approach to [`network_mode: host` with Docker Compose][docker-docs::compose::network_mode].
[docker-docs::compose::network_mode]: https://docs.docker.com/compose/compose-file/compose-file-v3/#network_mode
**Example**
```yaml
@ -496,16 +502,19 @@ The major problem with exposing DMS to the outside world in Kubernetes is to [pr
# ...
```
!!! abstract "Advantages / Disadvantages"
- [x] Simple
- [ ] Requires the node to have a dedicated, publicly routable IP address
- [ ] Limited to a single node (_associated to the dedicated IP address_)
- [ ] It is not possible to access DMS via other cluster nodes, only via the node that DMS was deployed on
- [ ] Every port within the container is exposed on the host side
=== "Using the PROXY Protocol"
???+ abstract "Advantages / Disadvantages"
- [x] Preserves the origin IP address of clients (_which is crucial for DNS related checks_)
- [x] Aligns with a best practice for Kubernetes by using a dedicated ingress, routing external traffic to the k8s cluster (_with the benefits of flexible routing rules_)
- [x] Avoids the restraint of a single [node][Kubernetes-nodes] (_as a workaround to preserve the original client IP_)
- [ ] Introduces complexity by requiring:
- A reverse-proxy / ingress controller (_potentially extra setup_)
- Kubernetes manifest changes for the DMS configured `Service`
- DMS configuration changes for Postfix and Dovecot
- [ ] To keep support for direct connections to DMS services internally within cluster, service ports must be "duplicated" to offer an alternative port for connections using PROXY protocol
!!! question "What is the PROXY protocol?"
PROXY protocol is a network protocol for preserving a clients IP address when the clients TCP connection passes through a proxy.
@ -522,17 +531,6 @@ The major problem with exposing DMS to the outside world in Kubernetes is to [pr
For more information on the PROXY protocol, refer to [our dedicated docs page][docs-mailserver-behind-proxy] on the topic.
!!! abstract "Advantages / Disadvantages"
- [x] Preserves the origin IP address of clients (_which is crucial for DNS related checks_)
- [x] Aligns with a best practice for Kubernetes by using a dedicated ingress, routing external traffic to the k8s cluster (_with the benefits of flexible routing rules_)
- [x] Avoids the restraint of a single [node][Kubernetes-nodes] (_as a workaround to preserve the original client IP_)
- [ ] Introduces complexity by requiring:
- A reverse-proxy / ingress controller (_potentially extra setup_)
- Kubernetes manifest changes for the DMS configured `Service`
- DMS configuration changes for Postfix and Dovecot
- [ ] To keep support for direct connections to DMS services internally within cluster, service ports must be "duplicated" to offer an alternative port for connections using PROXY protocol
**Examples**
A complete configuration, with duplicated ports, can be found down below in the "Traefik" section. The Postfx and Dovecot configuration is identical for other proxies (like NGINX).
@ -756,6 +754,7 @@ The major problem with exposing DMS to the outside world in Kubernetes is to [pr
[docs-dovecot]: ./override-defaults/dovecot.md
[docs-postfix]: ./override-defaults/postfix.md
[docs-mailserver-behind-proxy]: ../../examples/tutorials/mailserver-behind-proxy.md
[docker-docs::compose::network_mode]: https://docs.docker.com/compose/compose-file/compose-file-v3/#network_mode
[dockerhub-haproxy]: https://hub.docker.com/_/haproxy
[Kubernetes-nginx]: https://kubernetes.github.io/ingress-nginx
[Kubernetes-nginx-expose]: https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services