我可以使用内置的Intress Operator内置的OpenShift来揭示SMTP和IMAP服务吗?
我无法使用nodeport服务,因为我有一个设置的群集以不暴露任何公共节点IP,所有流量都通过一个API节点(非常烦人,但这就是我必须使用的工具)。
我无法使用此处所述的路线: openshift路由到接受SMTP请求
我发现了这个,但它是基于http的,并使用封面下的路由: https:///www.tutorialworks。 com/openshift-ingress/
我有一个 docker mailserver 运行-SMTP从群集中发送正常工作。
我想要的是在标准SMTP/IMAP端口上公开SMTP/IMAP协议服务的入口。我不需要负载平衡,HA,多个主机名等。对于IMAP,我什至不需要TLS(这是一个内部测试系统)。
这是我在邮件服务器名称空间中尝试过的方法,该空间无法连接到主机,端口:imap.mycluster.mycompany.com,143; 从集群外部。只是试图让IMAP首先工作。
apiVersion: v1
kind: Service
metadata:
name: mailserver-imap
labels:
app: mailserver
spec:
type: ClusterIP
selector:
app: mailserver
ports:
- name: imap
port: 143
targetPort: imap
protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: imap
spec:
defaultBackend:
service:
name: mailserver-imap
port:
number: 143
Can I use OpenShift built in Ingress operator to expose SMTP and IMAP services?
I can't use NodePort Service as I have a cluster that is setup to not expose any public node IPs, all traffic goes through a single api node (very annoying but that's the tooling I have to work with).
I can't use routes as described here: Openshift route to accept SMTP requests
I found this but it is http based and uses routes under the covers: https://www.tutorialworks.com/openshift-ingress/
I have a docker mailserver running - SMTP send from within the cluster works fine.
What I want is an Ingress that exposes the SMTP/IMAP protocol services on standard SMTP/IMAP ports. I don't need load balancing, HA, multiple host names, etc. For IMAP I don't even need TLS (this is an internal test system).
Here's what I have tried in my mailserver namespace that yields Couldn't connect to host, port: imap.mycluster.mycompany.com, 143; from outside the cluster. Just trying to get IMAP working first.
apiVersion: v1
kind: Service
metadata:
name: mailserver-imap
labels:
app: mailserver
spec:
type: ClusterIP
selector:
app: mailserver
ports:
- name: imap
port: 143
targetPort: imap
protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: imap
spec:
defaultBackend:
service:
name: mailserver-imap
port:
number: 143
发布评论
评论(2)
如果您需要通过标准HTTP(S)端口以外的任何内容进行直接访问POD,则推荐的方法是将POD的
Service> Service对象公开为LoadBalancer(这是最强大的选项)。因此,您的服务看起来更像是其他资源:
If you need direct TCP access to pods over anything other than the standard HTTP(S) ports, the recommended method is to expose the pod's
Serviceobject as a LoadBalancer (this is the most robust option). So your service would look more likeAdditional resources:
根据您对使用alpha/beta软件的容忍度,也许您可能对下一代K8S Ingress/Route命名
“ Gateway API”感兴趣
下一代Ingress API解决了当前入口/路由/nodeports等的大多数
局限。这包括haproxy,nginx等...
这里有一些指示:
Depending of your tolerance to using alpha/beta software, maybe you could be interested by the next generation of k8s ingress/route named
"Gateway API"This next generation ingress API addresses most of the limitations of current ingress/routes/nodeports etc
Its is currently possible to deploy a
Gatewayimplementation in OCP and use it, most current ingress controller have an implementation of the API. This includes HAProxy, nginx etc...Some pointers here: