Can I use OpenShift built in Ingress operator to expose SMTP and IMAP services?
I can't use a NodePort Service as I have a cluster that is set up to not expose any public node IPs; all traffic goes through a single API node (very annoying, but that's the tooling I have to work with).
I can't use routes as described here: Openshift route to accept SMTP requests
I found this but it is http based and uses routes under the covers: https://www.tutorialworks.com/openshift-ingress/
I have a docker mailserver running - SMTP send from within the cluster works fine.
What I want is an Ingress that exposes the SMTP/IMAP protocol services on standard SMTP/IMAP ports. I don't need load balancing, HA, multiple host names, etc. For IMAP I don't even need TLS (this is an internal test system).
Here's what I have tried in my mailserver namespace that yields "Couldn't connect to host, port: imap.mycluster.mycompany.com, 143;" from outside the cluster. Just trying to get IMAP working first.
apiVersion: v1
kind: Service
metadata:
  name: mailserver-imap
  labels:
    app: mailserver
spec:
  type: ClusterIP
  selector:
    app: mailserver
  ports:
    - name: imap
      port: 143
      targetPort: imap
      protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: imap
spec:
  defaultBackend:
    service:
      name: mailserver-imap
      port:
        number: 143
CodePudding user response:
If you need direct TCP access to pods over anything other than the standard HTTP(S) ports, the recommended method is to expose the pod's Service object as a LoadBalancer (this is the most robust option). So your service would look more like:
apiVersion: v1
kind: Service
metadata:
  name: mailserver-imap
  labels:
    app: mailserver
spec:
  type: LoadBalancer
  selector:
    app: mailserver
  ports:
    - name: imap
      port: 143
      targetPort: imap
      protocol: TCP
Additional resources:
- https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
- https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
CodePudding user response:
Depending on your tolerance for using alpha/beta software, maybe you could be interested in the next generation of k8s ingress/route, named "Gateway API".
This next-generation ingress API addresses most of the limitations of current ingress/routes/nodeports, etc.
It is currently possible to deploy a Gateway implementation in OCP and use it; most current ingress controllers have an implementation of the API. This includes HAProxy, nginx, etc.
Some pointers here:
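As an added illustration of the Gateway API approach this answer mentions (not part of the original answer, and not tested against the asker's cluster), a TCP listener on port 143 can be bound to the question's `mailserver-imap` Service with a Gateway and a TCPRoute. The Gateway name, the `mailserver` namespace and the `gatewayClassName` value are assumptions; TCPRoute is an experimental-channel resource, so the installed implementation must support it.

```yaml
# Added example; gateway name, namespace and gatewayClassName are assumptions.
# Requires the Gateway API experimental-channel CRDs (TCPRoute is v1alpha2)
# and a Gateway implementation that supports TCP listeners.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: mail-gateway              # hypothetical name
  namespace: mailserver           # assumed namespace of the mailserver pod
spec:
  gatewayClassName: example-gateway-class   # placeholder: use the class your controller provides
  listeners:
    - name: imap
      protocol: TCP               # plain L4 forwarding, no HTTP host/path matching
      port: 143
      allowedRoutes:
        kinds:
          - kind: TCPRoute
        namespaces:
          from: Same              # only routes in this namespace may attach
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TCPRoute
metadata:
  name: imap
  namespace: mailserver
spec:
  parentRefs:
    - name: mail-gateway
      sectionName: imap           # bind to the listener named "imap" above
  rules:
    - backendRefs:
        - name: mailserver-imap   # the ClusterIP Service from the question
          port: 143
```

IMAP on port 143 without TLS carries credentials in cleartext, so the listener should stay reachable only from the internal test network. An SMTP listener would be a second entry under `listeners` with its own TCPRoute.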