Home > Back-end >  How can I use OpenShift built in Ingress to expose SMTP/IMAP?
How can I use OpenShift built in Ingress to expose SMTP/IMAP?

Time:05-14

Can I use OpenShift built in Ingress operator to expose SMTP and IMAP services?

I can't use NodePort Service as I have a cluster that is setup to not expose any public node IPs, all traffic goes through a single api node (very annoying but that's the tooling I have to work with).

I can't use routes as described here: Openshift route to accept SMTP requests

I found this but it is http based and uses routes under the covers: https://www.tutorialworks.com/openshift-ingress/

I have a docker mailserver running - SMTP send from within the cluster works fine.

What I want is an Ingress that exposes the SMTP/IMAP protocol services on standard SMTP/IMAP ports. I don't need load balancing, HA, multiple host names, etc. For IMAP I don't even need TLS (this is an internal test system).

Here's what I have tried in my mailserver namespace that yields Couldn't connect to host, port: imap.mycluster.mycompany.com, 143; from outside the cluster. Just trying to get IMAP working first.

apiVersion: v1
kind: Service
metadata:
  name: mailserver-imap
  labels:
    app: mailserver
spec:
  type: ClusterIP
  selector:
    app: mailserver
  ports:
    - name: imap
      port: 143
      targetPort: imap
      protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: imap
spec:
  defaultBackend:
    service:
      name: mailserver-imap
      port:
        number: 143

CodePudding user response:

If you need direct TCP access to pods over anything other than the standard HTTP(S) ports, the recommended method is to expose the pod's Service object as a LoadBalancer (this is the most robust option). So your service would look more like

apiVersion: v1
kind: Service
metadata:
  name: mailserver-imap
  labels:
    app: mailserver
spec:
  type: LoadBalancer
  selector:
    app: mailserver
  ports:
    - name: imap
      port: 143
      targetPort: imap
      protocol: TCP

Additional resources:

CodePudding user response:

Depending of your tolerance to using alpha/beta software, maybe you could be interested by the next generation of k8s ingress/route named"Gateway API"
This next generation ingress API addresses most of the limitations of current ingress/routes/nodeports etc

Its is currently possible to deploy aGatewayimplementation in OCP and use it, most current ingress controller have an implementation of the API. This includes HAProxy, nginx etc...

Some pointers here:

  • Related