This commit is contained in:
github-actions[bot] 2021-05-26 08:35:41 +00:00
parent b18fce7ed6
commit eab69efa61
3 changed files with 48 additions and 38 deletions


@ -1572,6 +1572,12 @@
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker-mailserver</span>
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver/docker-mailserver:latest</span>
<span class="nt">imagePullPolicy</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Always</span>
<span class="nt">securityContext</span><span class="p">:</span>
<span class="nt">capabilities</span><span class="p">:</span>
<span class="c1"># If Fail2Ban is not enabled, you can remove NET_ADMIN.</span>
<span class="c1"># If you are running on CRI-O, you will need the SYS_CHROOT capability,</span>
<span class="c1"># as it is no longer a default capability.</span>
<span class="nt">add</span><span class="p">:</span> <span class="p p-Indicator">[</span><span class="s">&quot;NET_ADMIN&quot;</span><span class="p p-Indicator">,</span> <span class="s">&quot;SYS_PTRACE&quot;</span><span class="p p-Indicator">,</span> <span class="s">&quot;SYS_CHROOT&quot;</span> <span class="p p-Indicator">]</span>
<span class="nt">volumeMounts</span><span class="p">:</span>
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">config</span>
<span class="nt">subPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">postfix-accounts.cf</span>
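Review bot: the comment block in this hunk explains when NET_ADMIN can be dropped and why SYS_CHROOT is needed on CRI-O, but says nothing about SYS_PTRACE, which is also added to `capabilities.add`; a reader trimming the list has no way to tell which component needs it or whether it is safe to remove. Add a comment line naming the process that requires SYS_PTRACE, and consider stating that SYS_CHROOT can likewise be omitted on runtimes that still grant it by default, so the manifest ends up granting only the capabilities the deployment actually uses.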
@ -1664,6 +1670,10 @@
<p class="admonition-title">Note</p>
<p>Make sure that <a href="https://kubernetes.io/docs/concepts/workloads/pods/pod">Pod</a> is <a href="https://kubernetes.io/docs/concepts/configuration/assign-pod-node">assigned</a> to specific <a href="https://kubernetes.io/docs/concepts/architecture/nodes">Node</a> in case you're using volume for data directly with <code>hostPath</code>. Otherwise Pod can be rescheduled on a different Node and previous data won't be found. Except the case when you're using some shared filesystem on your Nodes.</p>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>If you experience issues with processes crashing showing an error like <code>operation not permitted</code> or <code>postfix/pickup[987]: fatal: chroot(/var/spool/postfix): Operation not permitted</code>, then you should add the <code>SYS_CHROOT</code> capability. Runtimes like CRI-O do not ship with this capability by default.</p>
</div>
<h2 id="exposing-to-the-outside-world"><a class="toclink" href="#exposing-to-the-outside-world">Exposing to the Outside World</a></h2>
<p>The hard part with Kubernetes is to expose deployed mailserver to outside world. Kubernetes provides multiple ways for doing that. Each has its downsides and complexity.</p>
<p>The major problem with exposing mailserver to outside world in Kubernetes is to <a href="https://kubernetes.io/docs/tutorials/services/source-ip">preserve real client IP</a>. Real client IP is required by mailserver for performing IP-based SPF checks and spam checks.</p>
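Review bot: the new Note tells the reader to add SYS_CHROOT when they hit `chroot(/var/spool/postfix): Operation not permitted`, but does not mention that the example manifest in this same change already lists `&quot;SYS_CHROOT&quot;` under `capabilities.add`; a reader who copied that manifest and still sees the error will not know whether the note applies to them. Say explicitly that the sample manifest already includes it and that the note is for deployments that removed it or wrote their own `securityContext`, and point back to the capabilities comment in the manifest so the two pieces of guidance stay consistent.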