Good evening Bill,

Bill Cole via Postfix-users <postfix-users@postfix.org> writes:

> On 2024-10-15 at 22:43:51 UTC-0400 (Wed, 16 Oct 2024 11:43:51 +0900)
> Nico Schottelius via Postfix-users <nico.schottel...@ungleich.ch>
> is rumored to have said:
> > how do you currently run postfix in containers?
>
> I don't (and neither do most Postfix users) because a robust MTA installation
> is a terrible fit for a Docker container, as it will include a lot of
> non-Postfix tools and daemon processes and needs to maintain its own internal
> and external state (e.g. queue state and mailboxes) across restarts
> and crashes.

The motivation from our side is to run postfix in kubernetes. Queues & co. can be stored in PVCs; those are persistent volume claims that allow keeping state on container restart.

> What problem do you think a Postfix container would solve?

Mainly allowing us to maintain postfix instances the same way as the rest of the infrastructure. As postfix is not the typical "run&crash" software, the argument for automatic restarts and watchers that are provided by k8s is not really an argument, it's more the ease and consistency of deployment.

> If you say "configuration complexity" then you're using containers for a bad
> reason that
> you will regret. There's no single correct configuration that will
> work everywhere.

From my perspective there is a significant difference between running something in a container (i.e. docker/docker compose) or running it *as* a container in something like k8s. The former is usually a good test bed/development tool, the latter is really helpful for mid to large scale deployments.

> I do run a couple of very simple Postfix instances inside FreeBSD jails (for
> aggregating relay for customer through one trustworthy node) but they are
> quite different from Docker containers and are almost
> indistinguishable internally from an installation on bare metal.

FreeBSD jails are nice, but a very different use case.

Maybe a bit more background to understand what we will be doing in the near future: at the moment we have a couple of postfix instances running in 2 data centers, configured and managed by cdist - those are mainly prod/dev + secondary location setups.

For a few years now we have been moving our workload into kubernetes using "gitops" - basically you define your infrastructure within git. In our case we are using argocd to transfer "defined state" to "deployed state".

All our k8s clusters are IPv6 only and for regular email (hint to other thread) this does not work very well with the exchange towards the IPv4 Internet. For that reason we plan to set up relatively dumb incoming smarthosts on the border gateways that are dual stack - 4 of them are planned at the moment. Each border gateway is a closed kubernetes cluster in itself, allowing us to reuse the same primitives as everywhere else.

The actual mail storing and retrieval will be handled inside the larger k8s clusters with the help of dovecot and likely using postgresql backends, which are easily distributed in k8s.

So long story short, each mx instance will be a container. In total we have planned 8 of them (4 edge nodes, 4 inside the clusters) and for that we can use our home-brewed containers, but I think that others would also profit from official postfix containers that can just be trustworthily downloaded and used.

BR,

Nico

-- Sustainable and modern Infrastructures by ungleich.ch