docs(k8s): Advise externalTrafficPolicy: Local if no PROXY protocol configured#4039
Merged
polarathene merged 3 commits intodocker-mailserver:masterfrom May 28, 2024
Amphaal:patch-1
Merged
docs(k8s): Advise externalTrafficPolicy: Local if no PROXY protocol configured#4039polarathene merged 3 commits intodocker-mailserver:masterfrom Amphaal:patch-1
externalTrafficPolicy: Local if no PROXY protocol configured#4039polarathene merged 3 commits intodocker-mailserver:masterfrom
Amphaal:patch-1
Conversation
casperklein
reviewed
May 27, 2024
polarathene
requested changes
May 28, 2024
Co-authored-by: Brennan Kinney <[email protected]>
Member
|
This is a welcome contribution, and something I missed. |
georglauterbach
approved these changes
May 28, 2024
Contributor
Author
|
LGTM, thanks guys ! |
polarathene
approved these changes
May 28, 2024
polarathene
changed the title
externalTrafficPolicy: Local if no PROXY protocol configured
Contributor
|
Documentation preview for this PR is ready! 🎉 Built with commit: 6090329 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
If not using
externalTrafficPolicy: Localin service declaration, all incoming requests will most likely be branded as proxied by theexternalIpby which the mail services are accessed; this is undesired. As a side effect, anyexternalIpwill eventually get banned by Fail2Ban, which helped my diagnosis this misconfiguration.I have no idea how well this enforced parameter plays along with "PROXY protocol" configuration.