Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace front daemonset with hostport by a front deployment with a service #28

Closed
rouja opened this issue Mar 25, 2020 · 4 comments · May be fixed by #286
Closed

Replace front daemonset with hostport by a front deployment with a service #28

rouja opened this issue Mar 25, 2020 · 4 comments · May be fixed by #286

Comments

@rouja
Copy link

rouja commented Mar 25, 2020

Hi,

In kubernetes, a daemonset is an object to deploy a specific pod on all nodes or a set of nodes. I think it's a cluster admin object. Here, the chart uses a daemonset to expose a pod outside the cluster. I think it's probably not the better way to achieve it.
I think that replace the daemonset by a deployment and use a service to expose what we need outside the cluster should be better. Actually it will probably be more secure too.
For instance, I'm not sure that theses ports need to be exposed on the WAN :

          - name: smtp-auth
            containerPort: 10025
            hostPort: 10025
            protocol: TCP
          - name: imap-auth
            containerPort: 10143
            hostPort: 10143
            protocol: TCP

I think a good example of what I mean can be found here here.
@rouja rouja changed the title Replace front daemonset whith hostport by a front deployment with a service Replace front daemonset with hostport by a front deployment with a service Mar 25, 2020
@micw
Copy link
Contributor

micw commented Mar 25, 2020

Hi,
daemonset vs. deployment has nothing to do with security, it's just a definition of how many are deployed (deployments have a fixed number of instances, daemonsets have one per node).
I just copied it from https://github.com/Mailu/Mailu/blob/master/docs/kubernetes/mailu/front.yaml and did not see that there's a daemonset. Deployment makes indeed more sense.

Regarding the ports, I need to check if they are needed for something.

@rouja
Copy link
Author

rouja commented Mar 25, 2020

Hi,

As you said "daemonset vs. deployment has nothing to do with security" and my issue mixes two distinct things. Maybe it's better to split it into two issues ?

As far as I know, 10025 and 10143 are not "public e-mail" ports. I think theses ports are used in private by some components (probably dovecot and postfix to check users for instance).

@micw
Copy link
Contributor

micw commented Apr 23, 2020

Hi,
It's both fixed now.

@micw micw closed this as completed Apr 23, 2020
@briantopping
Copy link
Collaborator

Thank you! :) Mailu/Mailu#576 (comment)

@micw micw mentioned this issue May 4, 2020
Closed
micw pushed a commit that referenced this issue Apr 12, 2023
@fastlorenzo
chore(master): release mailu 1.0.0-beta.20 (#28)
e6df57f 
🤖 I have created a release *beep* *boop*
---


##
[1.0.0-beta.20](fastlorenzo/helm-charts-1@mailu-v1.0.0-beta.19...mailu-1.0.0-beta.20)
(2022-11-09)


### Bug Fixes

* fixed typo in external service
([0ec88b1](fastlorenzo@0ec88b1))
* fixed typo in external service
([#27](fastlorenzo#27))
([a2efb99](fastlorenzo@a2efb99))


### Miscellaneous Chores

* release 1.0.0-beta.20
([69697aa](fastlorenzo@69697aa))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
@bidord bidord mentioned this issue Aug 13, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Added support for NodePort port numbers configuration bidord/mailu-helm-charts
3 participants
@briantopping @micw @rouja