skip to Main Content

Can I use OpenShift built in Ingress operator to expose SMTP and IMAP services?

I can’t use NodePort Service as I have a cluster that is setup to not expose any public node IPs, all traffic goes through a single api node (very annoying but that’s the tooling I have to work with).

I can’t use routes as described here: Openshift route to accept SMTP requests

I found this but it is http based and uses routes under the covers: https://www.tutorialworks.com/openshift-ingress/

I have a docker mailserver running – SMTP send from within the cluster works fine.

What I want is an Ingress that exposes the SMTP/IMAP protocol services on standard SMTP/IMAP ports. I don’t need load balancing, HA, multiple host names, etc. For IMAP I don’t even need TLS (this is an internal test system).

Here’s what I have tried in my mailserver namespace that yields Couldn't connect to host, port: imap.mycluster.mycompany.com, 143; from outside the cluster. Just trying to get IMAP working first.

apiVersion: v1
kind: Service
metadata:
  name: mailserver-imap
  labels:
    app: mailserver
spec:
  type: ClusterIP
  selector:
    app: mailserver
  ports:
    - name: imap
      port: 143
      targetPort: imap
      protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: imap
spec:
  defaultBackend:
    service:
      name: mailserver-imap
      port:
        number: 143

2

Answers


  1. If you need direct TCP access to pods over anything other than the standard HTTP(S) ports, the recommended method is to expose the pod’s Service object as a LoadBalancer (this is the most robust option). So your service would look more like

    apiVersion: v1
    kind: Service
    metadata:
      name: mailserver-imap
      labels:
        app: mailserver
    spec:
      type: LoadBalancer
      selector:
        app: mailserver
      ports:
        - name: imap
          port: 143
          targetPort: imap
          protocol: TCP
    

    Additional resources:

    Login or Signup to reply.
  2. Depending of your tolerance to using alpha/beta software, maybe you could be interested by the next generation of k8s ingress/route named"Gateway API"
    This next generation ingress API addresses most of the limitations of current ingress/routes/nodeports etc

    Its is currently possible to deploy aGatewayimplementation in OCP and use it, most current ingress controller have an implementation of the API. This includes HAProxy, nginx etc…

    Some pointers here:

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search