From b73931cdcb4d3742fd41e1018a535ee1d6e34b7b Mon Sep 17 00:00:00 2001 From: Sheogorath <sheogorath@shivering-isles.com> Date: Thu, 6 Oct 2022 17:10:33 +0200 Subject: [PATCH] fix(mok): Fix unexpected connection problems with proxy-protocol This patch switches the externalTrafficPolicy to `Local` for the proxy-protocol enabled services, in order to skip kube-proxy when connecting, this makes sure that proxy-protocol can actually function and doesn't hit a node that would need to redirect traffic. References: https://metallb.org/usage/#layer2 https://github.com/kubernetes/kubernetes/issues/66607 https://github.com/digitalocean/digitalocean-cloud-controller-manager/pull/206 --- charts/mok/Chart.yaml | 2 +- charts/mok/README.md | 3 ++- charts/mok/templates/postfix.yaml | 1 + charts/mok/tests/__snapshot__/postfix_test.yaml.snap | 1 + charts/mok/values.yaml | 1 + 5 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/mok/Chart.yaml b/charts/mok/Chart.yaml index 6ac5765c8..d419a673b 100644 --- a/charts/mok/Chart.yaml +++ b/charts/mok/Chart.yaml @@ -3,7 +3,7 @@ name: mok description: | Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that runs without a database server on Kubernetes, taking advantage of configmaps and secret. type: application -version: 0.6.3 +version: 0.7.0 sources: - https://de.postfix.org/ftpmirror/index.html - https://github.com/dovecot/core diff --git a/charts/mok/README.md b/charts/mok/README.md index 1d8f20db0..5995695cd 100644 --- a/charts/mok/README.md +++ b/charts/mok/README.md @@ -1,6 +1,6 @@ # mok -  +  Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that runs without a database server on Kubernetes, taking advantage of configmaps and secret. 
@@ -79,6 +79,7 @@ Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that run | postfix.securityContext.capabilities.add[6] | string | `"DAC_OVERRIDE"` | required to setup TLS and alike | | postfix.securityContext.capabilities.drop[0] | string | `"ALL"` | getting rid of all capabilities since we already have too many | | postfix.securityContext.runAsNonRoot | bool | `false` | | +| postfix.service.public.externalTrafficPolicy | string | `"Local"` | | | postfix.service.public.type | string | `"LoadBalancer"` | type of the public endpoint for smtp, submission, and submissions. **Note**: It's configured to share the IP with dovecot in case of metallb | | postfix.tls.secretName | string | `"nil"` | secret holding the TLS keys for postfix. **Required** | | postfix.tolerations | list | `[]` | | diff --git a/charts/mok/templates/postfix.yaml b/charts/mok/templates/postfix.yaml index ab3b7ae5b..00326b5fd 100644 --- a/charts/mok/templates/postfix.yaml +++ b/charts/mok/templates/postfix.yaml @@ -27,6 +27,7 @@ spec: {{- include "mok.selectorLabels" . | nindent 4 }} app.kubernetes.io/component: postfix type: {{ .Values.postfix.service.public.type }} + externalTrafficPolicy: {{ .Values.postfix.service.externalTrafficPolicy }} --- apiVersion: apps/v1 kind: StatefulSet diff --git a/charts/mok/tests/__snapshot__/postfix_test.yaml.snap b/charts/mok/tests/__snapshot__/postfix_test.yaml.snap index 0a3b5cdef..07b48084b 100644 --- a/charts/mok/tests/__snapshot__/postfix_test.yaml.snap +++ b/charts/mok/tests/__snapshot__/postfix_test.yaml.snap @@ -13,6 +13,7 @@ should match snapshot: helm.sh/chart: mok-1.2.3 name: RELEASE-NAME-mok-postfix spec: + externalTrafficPolicy: null ports: - name: smtp port: 25 diff --git a/charts/mok/values.yaml b/charts/mok/values.yaml index 613a2b342..4e19505b2 100644 --- a/charts/mok/values.yaml +++ b/charts/mok/values.yaml 
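Review bot: The line added to charts/mok/templates/postfix.yaml reads `.Values.postfix.service.externalTrafficPolicy`, but values.yaml and the README row in this patch define the key one level deeper, at `postfix.service.public.externalTrafficPolicy`. The lookup therefore resolves to nothing, which matches the regenerated snapshot recording `externalTrafficPolicy: null`. The Service would then fall back to the Kubernetes default (`Cluster`), so the kube-proxy hop the commit message sets out to avoid stays in place. Any client-address-based handling in Postfix (not visible in this hunk) would keep depending on a path where proxy-protocol is described as unreliable. Use `externalTrafficPolicy: {{ .Values.postfix.service.public.externalTrafficPolicy }}` and regenerate the snapshot so it shows `Local`.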
@@ -91,6 +91,7 @@ postfix: public: # -- type of the public endpoint for smtp, submission, and submissions. **Note**: It's configured to share the IP with dovecot in case of metallb type: LoadBalancer + externalTrafficPolicy: Local tls: # -- secret holding the TLS keys for postfix. **Required** -- GitLab
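Review bot: The new `externalTrafficPolicy: Local` key in charts/mok/values.yaml has no `# --` description, unlike `type` directly above it, which is why its README row in this patch has an empty description column. An operator overriding it to `Cluster` gets no hint that this brings back the proxy-protocol connection problems named in the commit message. Add a comment above the key, such as `# -- traffic policy of the public endpoint. Keep "Local" while proxy-protocol is enabled so connections are not redirected through another node by kube-proxy`, and regenerate the README.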