2021-03-28 12:40:56 +00:00
<!doctype html>
< html lang = "en" class = "no-js" >
< head >
< meta charset = "utf-8" >
< meta name = "viewport" content = "width=device-width,initial-scale=1" >
< meta name = "description" content = "A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker." >
< meta name = "author" content = "docker-mailserver (Github Organization)" >
< link rel = "canonical" href = "https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/kubernetes/" >
< link rel = "icon" href = "../../../assets/logo/favicon-32x32.png" >
2021-04-10 14:35:39 +00:00
< meta name = "generator" content = "mkdocs-1.1.2, mkdocs-material-7.1.1" >
2021-03-28 12:40:56 +00:00
< title > Advanced | Kubernetes - Docker Mailserver< / title >
2021-04-10 14:35:39 +00:00
< link rel = "stylesheet" href = "../../../assets/stylesheets/main.9299cb39.min.css" >
2021-03-28 12:40:56 +00:00
2021-04-01 20:45:17 +00:00
< link rel = "stylesheet" href = "../../../assets/stylesheets/palette.ef6f36e2.min.css" >
2021-03-28 12:40:56 +00:00
< link rel = "preconnect" href = "https://fonts.gstatic.com" crossorigin >
< link rel = "stylesheet" href = "https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback" >
< style > : root { --md-text-font-family : "Roboto" ; --md-code-font-family : "Roboto Mono" } < / style >
< link rel = "stylesheet" href = "../../../assets/css/customizations.css" >
< / head >
2021-04-08 10:28:06 +00:00
2021-03-28 12:40:56 +00:00
2021-04-08 10:28:06 +00:00
< body dir = "ltr" data-md-color-scheme = "default" data-md-color-primary = "indigo" data-md-color-accent = "indigo" >
2021-03-28 12:40:56 +00:00
2021-04-01 20:45:17 +00:00
< script > function _ _prefix ( e ) { return new URL ( "../../.." , location ) . pathname + "." + e } function _ _get ( e , t = localStorage ) { return JSON . parse ( t . getItem ( _ _prefix ( e ) ) ) } < / script >
2021-04-08 10:28:06 +00:00
< script > var palette = _ _get ( "__palette" ) ; if ( null !== palette && "object" == typeof palette . color ) for ( var key in palette . color ) document . body . setAttribute ( "data-md-color-" + key , palette . color [ key ] ) < / script >
2021-03-28 12:40:56 +00:00
< input class = "md-toggle" data-md-toggle = "drawer" type = "checkbox" id = "__drawer" autocomplete = "off" >
< input class = "md-toggle" data-md-toggle = "search" type = "checkbox" id = "__search" autocomplete = "off" >
< label class = "md-overlay" for = "__drawer" > < / label >
< div data-md-component = "skip" >
< a href = "#deployment-example" class = "md-skip" >
Skip to content
< / a >
< / div >
< div data-md-component = "announce" >
< / div >
< header class = "md-header" data-md-component = "header" >
< nav class = "md-header__inner md-grid" aria-label = "Header" >
< a href = "../../.." title = "Docker Mailserver" class = "md-header__button md-logo" aria-label = "Docker Mailserver" data-md-component = "logo" >
< img src = "../../../assets/logo/dmo-logo-white.svg" alt = "logo" >
< / a >
< label class = "md-header__button md-icon" for = "__drawer" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z" / > < / svg >
< / label >
< div class = "md-header__title" data-md-component = "header-title" >
< div class = "md-header__ellipsis" >
< div class = "md-header__topic" >
< span class = "md-ellipsis" >
Docker Mailserver
< / span >
< / div >
< div class = "md-header__topic" data-md-component = "header-topic" >
< span class = "md-ellipsis" >
Advanced | Kubernetes
< / span >
< / div >
< / div >
< / div >
2021-04-01 20:45:17 +00:00
2021-04-08 10:28:06 +00:00
< form class = "md-header__option" data-md-component = "palette" >
< input class = "md-option" data-md-color-media = "(prefers-color-scheme: light)" data-md-color-scheme = "default" data-md-color-primary = "indigo" data-md-color-accent = "indigo" type = "radio" name = "__palette" id = "__palette_1" >
< label class = "md-header__button md-icon" title = "Switch to dark mode" for = "__palette_2" hidden >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "m17.75 4.09-2.53 1.94.91 3.06-2.63-1.81-2.63 1.81.91-3.06-2.53-1.94L12.44 4l1.06-3 1.06 3 3.19.09m3.5 6.91-1.64 1.25.59 1.98-1.7-1.17-1.7 1.17.59-1.98L15.75 11l2.06-.05L18.5 9l.69 1.95 2.06.05m-2.28 4.95c.83-.08 1.72 1.1 1.19 1.85-.32.45-.66.87-1.08 1.27C15.17 23 8.84 23 4.94 19.07c-3.91-3.9-3.91-10.24 0-14.14.4-.4.82-.76 1.27-1.08.75-.53 1.93.36 1.85 1.19-.27 2.86.69 5.83 2.89 8.02a9.96 9.96 0 0 0 8.02 2.89m-1.64 2.02a12.08 12.08 0 0 1-7.8-3.47c-2.17-2.19-3.33-5-3.49-7.82-2.81 3.14-2.7 7.96.31 10.98 3.02 3.01 7.84 3.12 10.98.31z" / > < / svg >
< / label >
< input class = "md-option" data-md-color-media = "(prefers-color-scheme: dark)" data-md-color-scheme = "slate" data-md-color-primary = "indigo" data-md-color-accent = "blue" type = "radio" name = "__palette" id = "__palette_2" >
< label class = "md-header__button md-icon" title = "Switch to light mode" for = "__palette_1" hidden >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M12 7a5 5 0 0 1 5 5 5 5 0 0 1-5 5 5 5 0 0 1-5-5 5 5 0 0 1 5-5m0 2a3 3 0 0 0-3 3 3 3 0 0 0 3 3 3 3 0 0 0 3-3 3 3 0 0 0-3-3m0-7 2.39 3.42C13.65 5.15 12.84 5 12 5c-.84 0-1.65.15-2.39.42L12 2M3.34 7l4.16-.35A7.2 7.2 0 0 0 5.94 8.5c-.44.74-.69 1.5-.83 2.29L3.34 7m.02 10 1.76-3.77a7.131 7.131 0 0 0 2.38 4.14L3.36 17M20.65 7l-1.77 3.79a7.023 7.023 0 0 0-2.38-4.15l4.15.36m-.01 10-4.14.36c.59-.51 1.12-1.14 1.54-1.86.42-.73.69-1.5.83-2.29L20.64 17M12 22l-2.41-3.44c.74.27 1.55.44 2.41.44.82 0 1.63-.17 2.37-.44L12 22z" / > < / svg >
< / label >
< / form >
2021-04-01 20:45:17 +00:00
2021-03-28 12:40:56 +00:00
< label class = "md-header__button md-icon" for = "__search" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z" / > < / svg >
< / label >
< div class = "md-search" data-md-component = "search" role = "dialog" >
< label class = "md-search__overlay" for = "__search" > < / label >
< div class = "md-search__inner" role = "search" >
< form class = "md-search__form" name = "search" >
< input type = "text" class = "md-search__input" name = "query" aria-label = "Search" placeholder = "Search" autocapitalize = "off" autocorrect = "off" autocomplete = "off" spellcheck = "false" data-md-component = "search-query" data-md-state = "active" required >
< label class = "md-search__icon md-icon" for = "__search" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z" / > < / svg >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z" / > < / svg >
< / label >
< button type = "reset" class = "md-search__icon md-icon" aria-label = "Clear" tabindex = "-1" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z" / > < / svg >
< / button >
< / form >
< div class = "md-search__output" >
< div class = "md-search__scrollwrap" data-md-scrollfix >
< div class = "md-search-result" data-md-component = "search-result" >
< div class = "md-search-result__meta" >
Initializing search
< / div >
< ol class = "md-search-result__list" > < / ol >
< / div >
< / div >
< / div >
< / div >
< / div >
< div class = "md-header__source" >
< a href = "https://github.com/docker-mailserver/docker-mailserver/" title = "Go to repository" class = "md-source" data-md-component = "source" >
< div class = "md-source__icon md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 496 512" > < path d = "M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z" / > < / svg >
< / div >
< div class = "md-source__repository" >
docker-mailserver
< / div >
< / a >
< / div >
< / nav >
< / header >
< div class = "md-container" data-md-component = "container" >
< nav class = "md-tabs" aria-label = "Tabs" data-md-component = "tabs" >
< div class = "md-tabs__inner md-grid" >
< ul class = "md-tabs__list" >
< li class = "md-tabs__item" >
< a href = "../../.." class = "md-tabs__link" >
Home
< / a >
< / li >
< li class = "md-tabs__item" >
< a href = "../../../introduction/" class = "md-tabs__link" >
Introduction
< / a >
< / li >
< li class = "md-tabs__item" >
< a href = "../../setup.sh/" class = "md-tabs__link md-tabs__link--active" >
Configuration
< / a >
< / li >
< li class = "md-tabs__item" >
< a href = "../../../examples/tutorials/basic-installation/" class = "md-tabs__link" >
Examples
< / a >
< / li >
< li class = "md-tabs__item" >
< a href = "../../../faq/" class = "md-tabs__link" >
FAQ
< / a >
< / li >
< li class = "md-tabs__item" >
< a href = "../../../contributing/issues-and-pull-requests/" class = "md-tabs__link" >
Contributing
< / a >
< / li >
< li class = "md-tabs__item" >
< a href = "https://hub.docker.com/repository/docker/mailserver/docker-mailserver" class = "md-tabs__link" >
DockerHub
< / a >
< / li >
< li class = "md-tabs__item" >
< a href = "https://github.com/orgs/docker-mailserver/packages/container/package/docker-mailserver" class = "md-tabs__link" >
GHCR
< / a >
< / li >
< / ul >
< / div >
< / nav >
< main class = "md-main" data-md-component = "main" >
< div class = "md-main__inner md-grid" >
< div class = "md-sidebar md-sidebar--primary" data-md-component = "sidebar" data-md-type = "navigation" >
< div class = "md-sidebar__scrollwrap" >
< div class = "md-sidebar__inner" >
< nav class = "md-nav md-nav--primary md-nav--lifted" aria-label = "Navigation" data-md-level = "0" >
< label class = "md-nav__title" for = "__drawer" >
< a href = "../../.." title = "Docker Mailserver" class = "md-nav__button md-logo" aria-label = "Docker Mailserver" data-md-component = "logo" >
< img src = "../../../assets/logo/dmo-logo-white.svg" alt = "logo" >
< / a >
Docker Mailserver
< / label >
< div class = "md-nav__source" >
< a href = "https://github.com/docker-mailserver/docker-mailserver/" title = "Go to repository" class = "md-source" data-md-component = "source" >
< div class = "md-source__icon md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 496 512" > < path d = "M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z" / > < / svg >
< / div >
< div class = "md-source__repository" >
docker-mailserver
< / div >
< / a >
< / div >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../.." class = "md-nav__link" >
Home
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../introduction/" class = "md-nav__link" >
Introduction
< / a >
< / li >
< li class = "md-nav__item md-nav__item--active md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_3" type = "checkbox" id = "__nav_3" checked >
< label class = "md-nav__link" for = "__nav_3" >
Configuration
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Configuration" data-md-level = "1" >
< label class = "md-nav__title" for = "__nav_3" >
< span class = "md-nav__icon md-icon" > < / span >
Configuration
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../setup.sh/" class = "md-nav__link" >
Your Best Friend setup.sh
< / a >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_3_2" data-md-state = "indeterminate" type = "checkbox" id = "__nav_3_2" checked >
< label class = "md-nav__link" for = "__nav_3_2" >
User Management
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "User Management" data-md-level = "2" >
< label class = "md-nav__title" for = "__nav_3_2" >
< span class = "md-nav__icon md-icon" > < / span >
User Management
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../user-management/accounts/" class = "md-nav__link" >
Accounts
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../user-management/aliases/" class = "md-nav__link" >
Aliases
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_3_3" data-md-state = "indeterminate" type = "checkbox" id = "__nav_3_3" checked >
< label class = "md-nav__link" for = "__nav_3_3" >
Best Practices
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Best Practices" data-md-level = "2" >
< label class = "md-nav__title" for = "__nav_3_3" >
< span class = "md-nav__icon md-icon" > < / span >
Best Practices
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../best-practices/dkim/" class = "md-nav__link" >
DKIM
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../best-practices/dmarc/" class = "md-nav__link" >
DMARC
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../best-practices/spf/" class = "md-nav__link" >
SPF
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../best-practices/autodiscover/" class = "md-nav__link" >
Auto-discovery
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_3_4" data-md-state = "indeterminate" type = "checkbox" id = "__nav_3_4" checked >
< label class = "md-nav__link" for = "__nav_3_4" >
Security
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Security" data-md-level = "2" >
< label class = "md-nav__title" for = "__nav_3_4" >
< span class = "md-nav__icon md-icon" > < / span >
Security
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../security/understanding-the-ports/" class = "md-nav__link" >
Understanding the Ports
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../security/ssl/" class = "md-nav__link" >
SSL/TLS
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../security/fail2ban/" class = "md-nav__link" >
Fail2Ban
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_3_5" data-md-state = "indeterminate" type = "checkbox" id = "__nav_3_5" checked >
< label class = "md-nav__link" for = "__nav_3_5" >
Troubleshooting
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Troubleshooting" data-md-level = "2" >
< label class = "md-nav__title" for = "__nav_3_5" >
< span class = "md-nav__icon md-icon" > < / span >
Troubleshooting
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../troubleshooting/debugging/" class = "md-nav__link" >
Debugging
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "../../pop3/" class = "md-nav__link" >
Mail Delivery with POP3
< / a >
< / li >
< li class = "md-nav__item md-nav__item--active md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_3_7" type = "checkbox" id = "__nav_3_7" checked >
< label class = "md-nav__link" for = "__nav_3_7" >
Advanced Configuration
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Advanced Configuration" data-md-level = "2" >
< label class = "md-nav__title" for = "__nav_3_7" >
< span class = "md-nav__icon md-icon" > < / span >
Advanced Configuration
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../optional-config/" class = "md-nav__link" >
Optional Configuration
< / a >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_3_7_2" data-md-state = "indeterminate" type = "checkbox" id = "__nav_3_7_2" checked >
< label class = "md-nav__link" for = "__nav_3_7_2" >
Maintenance
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Maintenance" data-md-level = "3" >
< label class = "md-nav__title" for = "__nav_3_7_2" >
< span class = "md-nav__icon md-icon" > < / span >
Maintenance
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../maintenance/update-and-cleanup/" class = "md-nav__link" >
Update and Cleanup
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_3_7_3" data-md-state = "indeterminate" type = "checkbox" id = "__nav_3_7_3" checked >
< label class = "md-nav__link" for = "__nav_3_7_3" >
Override the Default Configs
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Override the Default Configs" data-md-level = "3" >
< label class = "md-nav__title" for = "__nav_3_7_3" >
< span class = "md-nav__icon md-icon" > < / span >
Override the Default Configs
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../override-defaults/dovecot/" class = "md-nav__link" >
Dovecot
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../override-defaults/postfix/" class = "md-nav__link" >
Postfix
< / a >
< / li >
2021-04-01 20:45:17 +00:00
< li class = "md-nav__item" >
< a href = "../override-defaults/user-patches/" class = "md-nav__link" >
Modifications via Script
< / a >
< / li >
2021-03-28 12:40:56 +00:00
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "../auth-ldap/" class = "md-nav__link" >
LDAP Authentication
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../mail-sieve/" class = "md-nav__link" >
Email Filtering with Sieve
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../mail-fetchmail/" class = "md-nav__link" >
Email Gathering with Fetchmail
< / a >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_3_7_7" data-md-state = "indeterminate" type = "checkbox" id = "__nav_3_7_7" checked >
< label class = "md-nav__link" for = "__nav_3_7_7" >
Email Forwarding
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Email Forwarding" data-md-level = "3" >
< label class = "md-nav__title" for = "__nav_3_7_7" >
< span class = "md-nav__icon md-icon" > < / span >
Email Forwarding
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../mail-forwarding/relay-hosts/" class = "md-nav__link" >
Relay Hosts
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../mail-forwarding/aws-ses/" class = "md-nav__link" >
AWS SES
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "../full-text-search/" class = "md-nav__link" >
Full-Text Search
< / a >
< / li >
< li class = "md-nav__item md-nav__item--active" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "toc" type = "checkbox" id = "__toc" >
< label class = "md-nav__link md-nav__link--active" for = "__toc" >
Kubernetes
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< a href = "./" class = "md-nav__link md-nav__link--active" >
Kubernetes
< / a >
< nav class = "md-nav md-nav--secondary" aria-label = "Table of contents" >
< label class = "md-nav__title" for = "__toc" >
< span class = "md-nav__icon md-icon" > < / span >
Table of contents
< / label >
< ul class = "md-nav__list" data-md-component = "toc" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "#deployment-example" class = "md-nav__link" >
Deployment Example
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#exposing-to-the-outside-world" class = "md-nav__link" >
Exposing to the Outside World
< / a >
< nav class = "md-nav" aria-label = "Exposing to the Outside World" >
< ul class = "md-nav__list" >
< li class = "md-nav__item" >
< a href = "#external-ips-service" class = "md-nav__link" >
External IPs Service
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#proxy-port-to-service" class = "md-nav__link" >
Proxy port to Service
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#bind-to-concrete-node-and-use-host-network" class = "md-nav__link" >
Bind to concrete Node and use host network
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#proxy-port-to-service-via-proxy-protocol" class = "md-nav__link" >
Proxy Port to Service via PROXY Protocol
< / a >
< nav class = "md-nav" aria-label = "Proxy Port to Service via PROXY Protocol" >
< ul class = "md-nav__list" >
< li class = "md-nav__item" >
< a href = "#configure-your-ingress" class = "md-nav__link" >
Configure your Ingress
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#configure-the-mailserver" class = "md-nav__link" >
Configure the Mailserver
< / a >
< / li >
< / ul >
< / nav >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "#lets-encrypt-certificates" class = "md-nav__link" >
Let's Encrypt Certificates
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "../ipv6/" class = "md-nav__link" >
IPv6
< / a >
< / li >
< / ul >
< / nav >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_4" data-md-state = "indeterminate" type = "checkbox" id = "__nav_4" checked >
< label class = "md-nav__link" for = "__nav_4" >
Examples
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Examples" data-md-level = "1" >
< label class = "md-nav__title" for = "__nav_4" >
< span class = "md-nav__icon md-icon" > < / span >
Examples
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_4_1" data-md-state = "indeterminate" type = "checkbox" id = "__nav_4_1" checked >
< label class = "md-nav__link" for = "__nav_4_1" >
Tutorials
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Tutorials" data-md-level = "2" >
< label class = "md-nav__title" for = "__nav_4_1" >
< span class = "md-nav__icon md-icon" > < / span >
Tutorials
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../../examples/tutorials/basic-installation/" class = "md-nav__link" >
Basic Installation
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../examples/tutorials/mailserver-behind-proxy/" class = "md-nav__link" >
Mailserver behind Proxy
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_4_2" data-md-state = "indeterminate" type = "checkbox" id = "__nav_4_2" checked >
< label class = "md-nav__link" for = "__nav_4_2" >
Use Cases
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Use Cases" data-md-level = "2" >
< label class = "md-nav__title" for = "__nav_4_2" >
< span class = "md-nav__icon md-icon" > < / span >
Use Cases
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class = "md-nav__link" >
Forward-Only Mailserver with LDAP
< / a >
< / li >
< / ul >
< / nav >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "../../../faq/" class = "md-nav__link" >
FAQ
< / a >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_6" data-md-state = "indeterminate" type = "checkbox" id = "__nav_6" checked >
< label class = "md-nav__link" for = "__nav_6" >
Contributing
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Contributing" data-md-level = "1" >
< label class = "md-nav__title" for = "__nav_6" >
< span class = "md-nav__icon md-icon" > < / span >
Contributing
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../../contributing/issues-and-pull-requests/" class = "md-nav__link" >
Issues and Pull Requests
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../contributing/coding-style/" class = "md-nav__link" >
Coding Style
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../contributing/tests/" class = "md-nav__link" >
Tests
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../contributing/documentation/" class = "md-nav__link" >
Documentation
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "https://hub.docker.com/repository/docker/mailserver/docker-mailserver" class = "md-nav__link" >
DockerHub
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "https://github.com/orgs/docker-mailserver/packages/container/package/docker-mailserver" class = "md-nav__link" >
GHCR
< / a >
< / li >
< / ul >
< / nav >
< / div >
< / div >
< / div >
< div class = "md-sidebar md-sidebar--secondary" data-md-component = "sidebar" data-md-type = "toc" >
< div class = "md-sidebar__scrollwrap" >
< div class = "md-sidebar__inner" >
< nav class = "md-nav md-nav--secondary" aria-label = "Table of contents" >
< label class = "md-nav__title" for = "__toc" >
< span class = "md-nav__icon md-icon" > < / span >
Table of contents
< / label >
< ul class = "md-nav__list" data-md-component = "toc" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "#deployment-example" class = "md-nav__link" >
Deployment Example
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#exposing-to-the-outside-world" class = "md-nav__link" >
Exposing to the Outside World
< / a >
< nav class = "md-nav" aria-label = "Exposing to the Outside World" >
< ul class = "md-nav__list" >
< li class = "md-nav__item" >
< a href = "#external-ips-service" class = "md-nav__link" >
External IPs Service
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#proxy-port-to-service" class = "md-nav__link" >
Proxy port to Service
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#bind-to-concrete-node-and-use-host-network" class = "md-nav__link" >
Bind to concrete Node and use host network
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#proxy-port-to-service-via-proxy-protocol" class = "md-nav__link" >
Proxy Port to Service via PROXY Protocol
< / a >
< nav class = "md-nav" aria-label = "Proxy Port to Service via PROXY Protocol" >
< ul class = "md-nav__list" >
< li class = "md-nav__item" >
< a href = "#configure-your-ingress" class = "md-nav__link" >
Configure your Ingress
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#configure-the-mailserver" class = "md-nav__link" >
Configure the Mailserver
< / a >
< / li >
< / ul >
< / nav >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "#lets-encrypt-certificates" class = "md-nav__link" >
Let's Encrypt Certificates
< / a >
< / li >
< / ul >
< / nav >
< / div >
< / div >
< / div >
< div class = "md-content" data-md-component = "content" >
< article class = "md-content__inner md-typeset" >
< a href = "https://github.com/docker-mailserver/docker-mailserver/edit/master/docs/content/config/advanced/kubernetes.md" title = "Edit this page" class = "md-content__button md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z" / > < / svg >
< / a >
< h1 > Kubernetes< / h1 >
< h2 id = "deployment-example" > < a class = "toclink" href = "#deployment-example" > Deployment Example< / a > < / h2 >
< p > There is nothing much in deploying mailserver to Kubernetes itself. The things are pretty same as in < a href = "https://github.com/docker-mailserver/docker-mailserver/blob/master/docker-compose.yml" > < code > docker-compose.yml< / code > < / a > , but with Kubernetes syntax.< / p >
< details class = "example" > < summary > ConfigMap< / summary > < div class = "highlight" > < pre > < span > < / span > < code > < span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > v1< / span >
< span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > Namespace< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nn" > ---< / span >
< span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > ConfigMap< / span >
< span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > v1< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver.env.config< / span >
< span class = "nt" > namespace< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > labels< / span > < span class = "p" > :< / span >
< span class = "nt" > app< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > data< / span > < span class = "p" > :< / span >
< span class = "nt" > OVERRIDE_HOSTNAME< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > example.com< / span >
< span class = "nt" > ENABLE_FETCHMAIL< / span > < span class = "p" > :< / span > < span class = "s" > " 0" < / span >
< span class = "nt" > FETCHMAIL_POLL< / span > < span class = "p" > :< / span > < span class = "s" > " 120" < / span >
< span class = "nt" > ENABLE_SPAMASSASSIN< / span > < span class = "p" > :< / span > < span class = "s" > " 0" < / span >
< span class = "nt" > ENABLE_CLAMAV< / span > < span class = "p" > :< / span > < span class = "s" > " 0" < / span >
< span class = "nt" > ENABLE_FAIL2BAN< / span > < span class = "p" > :< / span > < span class = "s" > " 0" < / span >
< span class = "nt" > ENABLE_POSTGREY< / span > < span class = "p" > :< / span > < span class = "s" > " 0" < / span >
< span class = "nt" > ONE_DIR< / span > < span class = "p" > :< / span > < span class = "s" > " 1" < / span >
< span class = "nt" > DMS_DEBUG< / span > < span class = "p" > :< / span > < span class = "s" > " 0" < / span >
< span class = "nn" > ---< / span >
< span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > ConfigMap< / span >
< span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > v1< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver.config< / span >
< span class = "nt" > namespace< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > labels< / span > < span class = "p" > :< / span >
< span class = "nt" > app< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > data< / span > < span class = "p" > :< / span >
< span class = "nt" > postfix-accounts.cf< / span > < span class = "p" > :< / span > < span class = "p p-Indicator" > |< / span >
< span class = "no" > user1@example.com|{SHA512-CRYPT}$6$2YpW1nYtPBs2yLYS$z.5PGH1OEzsHHNhl3gJrc3D.YMZkvKw/vp.r5WIiwya6z7P/CQ9GDEJDr2G2V0cAfjDFeAQPUoopsuWPXLk3u1< / span >
< span class = "nt" > postfix-virtual.cf< / span > < span class = "p" > :< / span > < span class = "p p-Indicator" > |< / span >
< span class = "no" > alias1@example.com user1@dexample.com< / span >
< span class = "c1" > #dovecot.cf: |< / span >
< span class = "c1" > # service stats {< / span >
< span class = "c1" > # unix_listener stats-reader {< / span >
< span class = "c1" > # group = docker< / span >
< span class = "c1" > # mode = 0666< / span >
< span class = "c1" > # }< / span >
< span class = "c1" > # unix_listener stats-writer {< / span >
< span class = "c1" > # group = docker< / span >
< span class = "c1" > # mode = 0666< / span >
< span class = "c1" > # }< / span >
< span class = "c1" > # }< / span >
< span class = "nt" > SigningTable< / span > < span class = "p" > :< / span > < span class = "p p-Indicator" > |< / span >
< span class = "no" > *@example.com mail._domainkey.example.com< / span >
< span class = "nt" > KeyTable< / span > < span class = "p" > :< / span > < span class = "p p-Indicator" > |< / span >
< span class = "no" > mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com-mail.key< / span >
< span class = "nt" > TrustedHosts< / span > < span class = "p" > :< / span > < span class = "p p-Indicator" > |< / span >
< span class = "no" > 127.0.0.1< / span >
< span class = "no" > localhost< / span >
< span class = "c1" > #user-patches.sh: |< / span >
< span class = "c1" > # #!/bin/bash< / span >
< span class = "c1" > #fetchmail.cf: |< / span >
< / code > < / pre > < / div >
< / details >
< details class = "example" > < summary > Secret< / summary > < div class = "highlight" > < pre > < span > < / span > < code > < span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > v1< / span >
< span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > Namespace< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nn" > ---< / span >
< span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > Secret< / span >
< span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > v1< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver.opendkim.keys< / span >
< span class = "nt" > namespace< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > labels< / span > < span class = "p" > :< / span >
< span class = "nt" > app< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > type< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > Opaque< / span >
< span class = "nt" > data< / span > < span class = "p" > :< / span >
< span class = "nt" > example.com-mail.key< / span > < span class = "p" > :< / span > < span class = "s" > ' base64-encoded-DKIM-key' < / span >
< / code > < / pre > < / div >
< / details >
< details class = "example" > < summary > Service< / summary > < div class = "highlight" > < pre > < span > < / span > < code > < span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > v1< / span >
< span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > Namespace< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nn" > ---< / span >
< span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > Service< / span >
< span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > v1< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > namespace< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > labels< / span > < span class = "p" > :< / span >
< span class = "nt" > app< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > spec< / span > < span class = "p" > :< / span >
< span class = "nt" > selector< / span > < span class = "p" > :< / span >
< span class = "nt" > app< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > ports< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > smtp< / span >
< span class = "nt" > port< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 25< / span >
< span class = "nt" > targetPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > smtp< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > smtp-secure< / span >
< span class = "nt" > port< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 465< / span >
< span class = "nt" > targetPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > smtp-secure< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > smtp-auth< / span >
< span class = "nt" > port< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 587< / span >
< span class = "nt" > targetPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > smtp-auth< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > imap< / span >
< span class = "nt" > port< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 143< / span >
< span class = "nt" > targetPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > imap< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > imap-secure< / span >
< span class = "nt" > port< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 993< / span >
< span class = "nt" > targetPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > imap-secure< / span >
< / code > < / pre > < / div >
< / details >
< details class = "example" > < summary > Deployment< / summary > < div class = "highlight" > < pre > < span > < / span > < code > < span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > v1< / span >
< span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > Namespace< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nn" > ---< / span >
< span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > apps/v1< / span >
< span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > Deployment< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > namespace< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > spec< / span > < span class = "p" > :< / span >
< span class = "nt" > replicas< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 1< / span >
< span class = "nt" > selector< / span > < span class = "p" > :< / span >
< span class = "nt" > matchLabels< / span > < span class = "p" > :< / span >
< span class = "nt" > app< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > template< / span > < span class = "p" > :< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > labels< / span > < span class = "p" > :< / span >
< span class = "nt" > app< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > role< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mail< / span >
< span class = "nt" > tier< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > backend< / span >
< span class = "nt" > spec< / span > < span class = "p" > :< / span >
< span class = "c1" > #nodeSelector:< / span >
< span class = "c1" > # kubernetes.io/hostname: local.k8s< / span >
< span class = "c1" > #initContainers:< / span >
< span class = "c1" > #- name: init-myservice< / span >
< span class = "c1" > # image: busybox< / span >
< span class = "c1" > # command: [" /bin/sh" , " -c" , " cp /tmp/user-patches.sh /tmp/files" ]< / span >
< span class = "c1" > # volumeMounts:< / span >
< span class = "c1" > # - name: config< / span >
< span class = "c1" > # subPath: user-patches.sh< / span >
< span class = "c1" > # mountPath: /tmp/user-patches.sh< / span >
< span class = "c1" > # readOnly: true< / span >
< span class = "c1" > # - name: tmp-files< / span >
< span class = "c1" > # mountPath: /tmp/files< / span >
< span class = "nt" > containers< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > docker-mailserver< / span >
< span class = "nt" > image< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver/docker-mailserver:latest< / span >
< span class = "nt" > imagePullPolicy< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > Always< / span >
< span class = "nt" > volumeMounts< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > config< / span >
< span class = "nt" > subPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > postfix-accounts.cf< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /tmp/docker-mailserver/postfix-accounts.cf< / span >
< span class = "nt" > readOnly< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > true< / span >
< span class = "c1" > #- name: config< / span >
< span class = "c1" > # subPath: postfix-main.cf< / span >
< span class = "c1" > # mountPath: /tmp/docker-mailserver/postfix-main.cf< / span >
< span class = "c1" > # readOnly: true< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > config< / span >
< span class = "nt" > subPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > postfix-virtual.cf< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /tmp/docker-mailserver/postfix-virtual.cf< / span >
< span class = "nt" > readOnly< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > true< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > config< / span >
< span class = "nt" > subPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > fetchmail.cf< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /tmp/docker-mailserver/fetchmail.cf< / span >
< span class = "nt" > readOnly< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > true< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > config< / span >
< span class = "nt" > subPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > dovecot.cf< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /tmp/docker-mailserver/dovecot.cf< / span >
< span class = "nt" > readOnly< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > true< / span >
< span class = "c1" > #- name: config< / span >
< span class = "c1" > # subPath: user1.example.com.dovecot.sieve< / span >
< span class = "c1" > # mountPath: /tmp/docker-mailserver/user1@example.com.dovecot.sieve< / span >
< span class = "c1" > # readOnly: true< / span >
< span class = "c1" > #- name: tmp-files< / span >
< span class = "c1" > # subPath: user-patches.sh< / span >
< span class = "c1" > # mountPath: /tmp/docker-mailserver/user-patches.sh< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > config< / span >
< span class = "nt" > subPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > SigningTable< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /tmp/docker-mailserver/opendkim/SigningTable< / span >
< span class = "nt" > readOnly< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > true< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > config< / span >
< span class = "nt" > subPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > KeyTable< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /tmp/docker-mailserver/opendkim/KeyTable< / span >
< span class = "nt" > readOnly< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > true< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > config< / span >
< span class = "nt" > subPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > TrustedHosts< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /tmp/docker-mailserver/opendkim/TrustedHosts< / span >
< span class = "nt" > readOnly< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > true< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > opendkim-keys< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /tmp/docker-mailserver/opendkim/keys< / span >
< span class = "nt" > readOnly< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > true< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > data< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /var/mail< / span >
< span class = "nt" > subPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > data< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > data< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /var/mail-state< / span >
< span class = "nt" > subPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > state< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > data< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /var/log/mail< / span >
< span class = "nt" > subPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > log< / span >
< span class = "nt" > ports< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > smtp< / span >
< span class = "nt" > containerPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 25< / span >
< span class = "nt" > protocol< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > TCP< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > smtp-secure< / span >
< span class = "nt" > containerPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 465< / span >
< span class = "nt" > protocol< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > TCP< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > smtp-auth< / span >
< span class = "nt" > containerPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 587< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > imap< / span >
< span class = "nt" > containerPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 143< / span >
< span class = "nt" > protocol< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > TCP< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > imap-secure< / span >
< span class = "nt" > containerPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 993< / span >
< span class = "nt" > protocol< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > TCP< / span >
< span class = "nt" > envFrom< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > configMapRef< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver.env.config< / span >
< span class = "nt" > volumes< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > config< / span >
< span class = "nt" > configMap< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver.config< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > opendkim-keys< / span >
< span class = "nt" > secret< / span > < span class = "p" > :< / span >
< span class = "nt" > secretName< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver.opendkim.keys< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > data< / span >
< span class = "nt" > persistentVolumeClaim< / span > < span class = "p" > :< / span >
< span class = "nt" > claimName< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mail-storage< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > tmp-files< / span >
< span class = "nt" > emptyDir< / span > < span class = "p" > :< / span > < span class = "p p-Indicator" > {}< / span >
< / code > < / pre > < / div >
< / details >
< div class = "admonition warning" >
< p class = "admonition-title" > Warning< / p >
< p > Any sensitive data (keys, etc) should be deployed via < a href = "https://kubernetes.io/docs/concepts/configuration/secret" > Secrets< / a > . Other configuration just fits well into < a href = "https://kubernetes.io/docs/tasks/configure-pod-container/configmap" > ConfigMaps< / a > .< / p >
< / div >
< div class = "admonition note" >
< p class = "admonition-title" > Note< / p >
< p > Make sure that < a href = "https://kubernetes.io/docs/concepts/workloads/pods/pod" > Pod< / a > is < a href = "https://kubernetes.io/docs/concepts/configuration/assign-pod-node" > assigned< / a > to specific < a href = "https://kubernetes.io/docs/concepts/architecture/nodes" > Node< / a > in case you're using volume for data directly with < code > hostPath< / code > . Otherwise Pod can be rescheduled on a different Node and previous data won't be found. Except the case when you're using some shared filesystem on your Nodes.< / p >
< / div >
< h2 id = "exposing-to-the-outside-world" > < a class = "toclink" href = "#exposing-to-the-outside-world" > Exposing to the Outside World< / a > < / h2 >
< p > The hard part with Kubernetes is to expose deployed mailserver to outside world. Kubernetes provides multiple ways for doing that. Each has its downsides and complexity.< / p >
< p > The major problem with exposing mailserver to outside world in Kubernetes is to < a href = "https://kubernetes.io/docs/tutorials/services/source-ip" > preserve real client IP< / a > . Real client IP is required by mailserver for performing IP-based SPF checks and spam checks.< / p >
< p > Preserving real client IP is relatively < a href = "https://kubernetes.io/docs/tutorials/services/source-ip" > non-trivial in Kubernetes< / a > and most exposing ways do not provide it. So, it's up to you to decide which exposing way suits better your needs in a price of complexity.< / p >
< p > If you do not require SPF checks for incoming mails you may disable them in < a href = "../override-defaults/postfix/" > Postfix configuration< / a > by dropping following line (which removes < code > check_policy_service unix:private/policyd-spf< / code > option):< / p >
< div class = "admonition example" >
< p class = "admonition-title" > Example< / p >
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > ConfigMap< / span >
< span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > v1< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver.config< / span >
< span class = "nt" > labels< / span > < span class = "p" > :< / span >
< span class = "nt" > app< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > data< / span > < span class = "p" > :< / span >
< span class = "nt" > postfix-main.cf< / span > < span class = "p" > :< / span > < span class = "p p-Indicator" > |< / span >
< span class = "no" > smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net< / span >
< span class = "c1" > # ...< / span >
< span class = "nn" > ---< / span >
< span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > Deployment< / span >
< span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > extensions/v1beta1< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "c1" > # ...< / span >
< span class = "nt" > volumeMounts< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > config< / span >
< span class = "nt" > subPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > postfix-main.cf< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /tmp/docker-mailserver/postfix-main.cf< / span >
< span class = "nt" > readOnly< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > true< / span >
< / code > < / pre > < / div >
< / div >
< h3 id = "external-ips-service" > < a class = "toclink" href = "#external-ips-service" > External IPs Service< / a > < / h3 >
< p > The simplest way is to expose mailserver as a < a href = "https://kubernetes.io/docs/concepts/services-networking/service" > Service< / a > with < a href = "https://kubernetes.io/docs/concepts/services-networking/service/#external-ips" > external IPs< / a > .< / p >
< div class = "admonition example" >
< p class = "admonition-title" > Example< / p >
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > Service< / span >
< span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > v1< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > labels< / span > < span class = "p" > :< / span >
< span class = "nt" > app< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > spec< / span > < span class = "p" > :< / span >
< span class = "nt" > selector< / span > < span class = "p" > :< / span >
< span class = "nt" > app< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > ports< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > smtp< / span >
< span class = "nt" > port< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 25< / span >
< span class = "nt" > targetPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > smtp< / span >
< span class = "c1" > # ...< / span >
< span class = "nt" > externalIPs< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "l l-Scalar l-Scalar-Plain" > 80.11.12.10< / span >
< / code > < / pre > < / div >
< / div >
< p > < strong > Downsides< / strong > < / p >
< ul >
< li >
< p > < strong > Real client IP is not preserved< / strong > , so SPF check of incoming mail will fail.< / p >
< / li >
< li >
< p > Requirement to specify exposed IPs explicitly.< / p >
< / li >
< / ul >
< h3 id = "proxy-port-to-service" > < a class = "toclink" href = "#proxy-port-to-service" > Proxy port to Service< / a > < / h3 >
< p > The < a href = "https://github.com/kubernetes/contrib/tree/master/for-demos/proxy-to-service" > Proxy Pod< / a > helps to avoid necessity of specifying external IPs explicitly. This comes in price of complexity: you must deploy Proxy Pod on each < a href = "https://kubernetes.io/docs/concepts/architecture/nodes" > Node< / a > you want to expose mailserver on.< / p >
< p > < strong > Downsides< / strong > < / p >
< ul >
< li > < strong > Real client IP is not preserved< / strong > , so SPF check of incoming mail will fail.< / li >
< / ul >
< h3 id = "bind-to-concrete-node-and-use-host-network" > < a class = "toclink" href = "#bind-to-concrete-node-and-use-host-network" > Bind to concrete Node and use host network< / a > < / h3 >
< p > The simplest way to preserve real client IP is to use < code > hostPort< / code > and < code > hostNetwork: true< / code > in the mailserver < a href = "https://kubernetes.io/docs/concepts/workloads/pods/pod" > Pod< / a > . This comes in price of availability: you can talk to mailserver from outside world only via IPs of < a href = "https://kubernetes.io/docs/concepts/architecture/nodes" > Node< / a > where mailserver is deployed.< / p >
< div class = "admonition example" >
< p class = "admonition-title" > Example< / p >
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > Deployment< / span >
< span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > extensions/v1beta1< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "c1" > # ...< / span >
< span class = "nt" > spec< / span > < span class = "p" > :< / span >
< span class = "nt" > hostNetwork< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > true< / span >
< span class = "c1" > # ...< / span >
< span class = "nt" > containers< / span > < span class = "p" > :< / span >
< span class = "c1" > # ...< / span >
< span class = "nt" > ports< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > smtp< / span >
< span class = "nt" > containerPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 25< / span >
< span class = "nt" > hostPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 25< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > smtp-auth< / span >
< span class = "nt" > containerPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 587< / span >
< span class = "nt" > hostPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 587< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > imap-secure< / span >
< span class = "nt" > containerPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 993< / span >
< span class = "nt" > hostPort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 993< / span >
< span class = "c1" > # ...< / span >
< / code > < / pre > < / div >
< / div >
< p > < strong > Downsides< / strong > < / p >
< ul >
< li > Not possible to access mailserver via other cluster Nodes, only via the one mailserver deployed at.< / li >
< li > Every Port within the Container is exposed on the Host side, regardless of what the < code > ports< / code > section in the Configuration defines. < / li >
< / ul >
< h3 id = "proxy-port-to-service-via-proxy-protocol" > < a class = "toclink" href = "#proxy-port-to-service-via-proxy-protocol" > Proxy Port to Service via PROXY Protocol< / a > < / h3 >
< p > This way is ideologically the same as < a href = "#proxy-port-to-service" > using Proxy Pod< / a > , but instead of a separate proxy pod, you configure your ingress to proxy TCP traffic to the mailserver pod using the PROXY protocol, which preserves the real client IP.< / p >
< h4 id = "configure-your-ingress" > < a class = "toclink" href = "#configure-your-ingress" > Configure your Ingress< / a > < / h4 >
< p > With an < a href = "https://kubernetes.github.io/ingress-nginx" > NGINX ingress controller< / a > , set < code > externalTrafficPolicy: Local< / code > for its service, and add the following to the TCP services config map (as described < a href = "https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services" > here< / a > ):< / p >
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "nt" > 25< / span > < span class = "p" > :< / span > < span class = "s" > " mailserver/mailserver:25::PROXY" < / span >
< span class = "nt" > 465< / span > < span class = "p" > :< / span > < span class = "s" > " mailserver/mailserver:465::PROXY" < / span >
< span class = "nt" > 587< / span > < span class = "p" > :< / span > < span class = "s" > " mailserver/mailserver:587::PROXY" < / span >
< span class = "nt" > 993< / span > < span class = "p" > :< / span > < span class = "s" > " mailserver/mailserver:993::PROXY" < / span >
< / code > < / pre > < / div >
< p > With < a href = "https://hub.docker.com/_/haproxy" > HAProxy< / a > , the configuration should look similar to the above. If you know what it actually looks like, add an example here. < img alt = "😃" class = "twemoji" src = "https://twemoji.maxcdn.com/v/latest/svg/1f603.svg" title = ":smiley:" / > < / p >
< h4 id = "configure-the-mailserver" > < a class = "toclink" href = "#configure-the-mailserver" > Configure the Mailserver< / a > < / h4 >
< p > Then, configure both < a href = "../override-defaults/postfix/" > Postfix< / a > and < a href = "../override-defaults/dovecot/" > Dovecot< / a > to expect the PROXY protocol:< / p >
< div class = "admonition example" >
< p class = "admonition-title" > Example< / p >
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > ConfigMap< / span >
< span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > v1< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver.config< / span >
< span class = "nt" > labels< / span > < span class = "p" > :< / span >
< span class = "nt" > app< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > data< / span > < span class = "p" > :< / span >
< span class = "nt" > postfix-main.cf< / span > < span class = "p" > :< / span > < span class = "p p-Indicator" > |< / span >
< span class = "no" > postscreen_upstream_proxy_protocol = haproxy< / span >
< span class = "nt" > postfix-master.cf< / span > < span class = "p" > :< / span > < span class = "p p-Indicator" > |< / span >
< span class = "no" > smtp/inet/postscreen_upstream_proxy_protocol=haproxy< / span >
< span class = "no" > submission/inet/smtpd_upstream_proxy_protocol=haproxy< / span >
< span class = "no" > smtps/inet/smtpd_upstream_proxy_protocol=haproxy< / span >
< span class = "nt" > dovecot.cf< / span > < span class = "p" > :< / span > < span class = "p p-Indicator" > |< / span >
< span class = "no" > # Assuming your ingress controller is bound to 10.0.0.0/8< / span >
< span class = "no" > haproxy_trusted_networks = 10.0.0.0/8, 127.0.0.0/8< / span >
< span class = "no" > service imap-login {< / span >
< span class = "no" > inet_listener imap {< / span >
< span class = "no" > haproxy = yes< / span >
< span class = "no" > }< / span >
< span class = "no" > inet_listener imaps {< / span >
< span class = "no" > haproxy = yes< / span >
< span class = "no" > }< / span >
< span class = "no" > }< / span >
< span class = "c1" > # ...< / span >
< span class = "nn" > ---< / span >
< span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > Deployment< / span >
< span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > extensions/v1beta1< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > spec< / span > < span class = "p" > :< / span >
< span class = "nt" > template< / span > < span class = "p" > :< / span >
< span class = "nt" > spec< / span > < span class = "p" > :< / span >
< span class = "nt" > containers< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > docker-mailserver< / span >
< span class = "nt" > volumeMounts< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > config< / span >
< span class = "nt" > subPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > postfix-main.cf< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /tmp/docker-mailserver/postfix-main.cf< / span >
< span class = "nt" > readOnly< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > true< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > config< / span >
< span class = "nt" > subPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > postfix-master.cf< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /tmp/docker-mailserver/postfix-master.cf< / span >
< span class = "nt" > readOnly< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > true< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > config< / span >
< span class = "nt" > subPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > dovecot.cf< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /tmp/docker-mailserver/dovecot.cf< / span >
< span class = "nt" > readOnly< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > true< / span >
< / code > < / pre > < / div >
< / div >
< p > < strong > Downsides< / strong > < / p >
< ul >
< li > Not possible to access mailserver via inner cluster Kubernetes DNS, as PROXY protocol is required for incoming connections.< / li >
< / ul >
< h2 id = "lets-encrypt-certificates" > < a class = "toclink" href = "#lets-encrypt-certificates" > Let's Encrypt Certificates< / a > < / h2 >
< p > < a href = "https://github.com/jetstack/kube-lego" > Kube-Lego< / a > may be used for a role of Let's Encrypt client. It works with Kubernetes < a href = "https://kubernetes.io/docs/concepts/services-networking/ingress" > Ingress Resources< / a > and automatically issues/manages certificates/keys for exposed services via Ingresses.< / p >
< div class = "admonition example" >
< p class = "admonition-title" > Example< / p >
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "nt" > kind< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > Ingress< / span >
< span class = "nt" > apiVersion< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > extensions/v1beta1< / span >
< span class = "nt" > metadata< / span > < span class = "p" > :< / span >
< span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > labels< / span > < span class = "p" > :< / span >
< span class = "nt" > app< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver< / span >
< span class = "nt" > annotations< / span > < span class = "p" > :< / span >
< span class = "nt" > kubernetes.io/tls-acme< / span > < span class = "p" > :< / span > < span class = "s" > ' true' < / span >
< span class = "nt" > spec< / span > < span class = "p" > :< / span >
< span class = "nt" > rules< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > host< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > example.com< / span >
< span class = "nt" > http< / span > < span class = "p" > :< / span >
< span class = "nt" > paths< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > path< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /< / span >
< span class = "nt" > backend< / span > < span class = "p" > :< / span >
< span class = "nt" > serviceName< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > default-backend< / span >
< span class = "nt" > servicePort< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > 80< / span >
< span class = "nt" > tls< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > secretName< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver.tls< / span >
< span class = "nt" > hosts< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "l l-Scalar l-Scalar-Plain" > example.com< / span >
< / code > < / pre > < / div >
< / div >
< p > Now, you can use Let's Encrypt cert and key from < code > mailserver.tls< / code > < a href = "https://kubernetes.io/docs/concepts/configuration/secret" > Secret< / a > in your < a href = "https://kubernetes.io/docs/concepts/workloads/pods/pod" > Pod< / a > spec:< / p >
< div class = "admonition example" >
< p class = "admonition-title" > Example< / p >
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "c1" > # ...< / span >
< span class = "nt" > env< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > SSL_TYPE< / span >
< span class = "nt" > value< / span > < span class = "p" > :< / span > < span class = "s" > ' manual' < / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > SSL_CERT_PATH< / span >
< span class = "nt" > value< / span > < span class = "p" > :< / span > < span class = "s" > ' /etc/ssl/mailserver/tls.crt' < / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > SSL_KEY_PATH< / span >
< span class = "nt" > value< / span > < span class = "p" > :< / span > < span class = "s" > ' /etc/ssl/mailserver/tls.key' < / span >
< span class = "c1" > # ...< / span >
< span class = "nt" > volumeMounts< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > tls< / span >
< span class = "nt" > mountPath< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > /etc/ssl/mailserver< / span >
< span class = "nt" > readOnly< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > true< / span >
< span class = "c1" > # ...< / span >
< span class = "nt" > volumes< / span > < span class = "p" > :< / span >
< span class = "p p-Indicator" > -< / span > < span class = "nt" > name< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > tls< / span >
< span class = "nt" > secret< / span > < span class = "p" > :< / span >
< span class = "nt" > secretName< / span > < span class = "p" > :< / span > < span class = "l l-Scalar l-Scalar-Plain" > mailserver.tls< / span >
< / code > < / pre > < / div >
< / div >
< / article >
< / div >
< / div >
2021-04-01 20:45:17 +00:00
2021-04-08 10:28:06 +00:00
< a href = "#" class = "md-top md-icon" data-md-component = "top" data-md-state = "hidden" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12z" / > < / svg >
< / a >
2021-03-28 12:40:56 +00:00
< / main >
< footer class = "md-footer" >
< nav class = "md-footer__inner md-grid" aria-label = "Footer" >
< a href = "../full-text-search/" class = "md-footer__link md-footer__link--prev" rel = "prev" >
< div class = "md-footer__button md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z" / > < / svg >
< / div >
< div class = "md-footer__title" >
< div class = "md-ellipsis" >
< span class = "md-footer__direction" >
Previous
< / span >
Full-Text Search
< / div >
< / div >
< / a >
< a href = "../ipv6/" class = "md-footer__link md-footer__link--next" rel = "next" >
< div class = "md-footer__title" >
< div class = "md-ellipsis" >
< span class = "md-footer__direction" >
Next
< / span >
IPv6
< / div >
< / div >
< div class = "md-footer__button md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z" / > < / svg >
< / div >
< / a >
< / nav >
< div class = "md-footer-meta md-typeset" >
< div class = "md-footer-meta__inner md-grid" >
< div class = "md-footer-copyright" >
< div class = "md-footer-copyright__highlight" >
< p > & copy < a href = "https://github.com/docker-mailserver" > < em > Docker Mailserver Organization< / em > < / a > < br / > < span > This project is licensed under the MIT license.< / span > < / p >
< / div >
Made with
< a href = "https://squidfunk.github.io/mkdocs-material/" target = "_blank" rel = "noopener" >
Material for MkDocs
< / a >
< / div >
< / div >
< / div >
< / footer >
< / div >
< div class = "md-dialog" data-md-component = "dialog" >
< div class = "md-dialog__inner md-typeset" > < / div >
< / div >
2021-04-08 10:28:06 +00:00
< script id = "__config" type = "application/json" > { "base" : "../../.." , "features" : [ "navigation.tabs" , "navigation.top" , "navigation.expand" , "navigation.instant" ] , "translations" : { "clipboard.copy" : "Copy to clipboard" , "clipboard.copied" : "Copied to clipboard" , "search.config.lang" : "en" , "search.config.pipeline" : "trimmer, stopWordFilter" , "search.config.separator" : "[\\s\\-]+" , "search.placeholder" : "Search" , "search.result.placeholder" : "Type to start searching" , "search.result.none" : "No matching documents" , "search.result.one" : "1 matching document" , "search.result.other" : "# matching documents" , "search.result.more.one" : "1 more on this page" , "search.result.more.other" : "# more on this page" , "search.result.term.missing" : "Missing" } , "search" : "../../../assets/javascripts/workers/search.fe42c31b.min.js" , "version" : { "provider" : "mike" } } < / script >
2021-03-28 12:40:56 +00:00
2021-04-10 14:35:39 +00:00
< script src = "../../../assets/javascripts/bundle.7353b375.min.js" > < / script >
2021-03-28 12:40:56 +00:00
< / body >
< / html >