Hi, are there any reasons against migrating Mailcow to Kubernetes? At first glance there are the following issues:
- most obvious: docker-compose.yaml needs to be rewritten as a Kubernetes config file.
- DBPASS, DBROOT and key.pem need to be moved to the Kubernetes secret store.
- The Kubernetes network service should support encryption; Weave with encryption enabled may be a good choice.
Sockets are a really bad choice for Kubernetes: by default nobody knows on which node a service is running, so when in doubt any service needs to be accessed over the network. So some questions arise:
- MySQL is set up for both socket and TCP service. phpfpm and other services are using the MySQL socket. Are there any known issues if the socket is disabled and services access MySQL over the network?
- If it is really necessary to share files, what about NFS or, for large environments, Ceph?
- ACME should manage its keys and certificates in Kubernetes secrets.
- Netfilter is no longer needed; that can be achieved with Kubernetes namespaces and policies.
- The watchdog should be replaced by Kubernetes health checks.
- Last but not least: Mailcow@Kubernetes should not care about the network; that should be controlled by Kubernetes ingress/egress policies.
Some services are hard to distribute. For MariaDB, MaxScale or Galera may be a solution.
Did anybody try to run Mailcow on Kubernetes? Is it a really bad idea to run Mailcow on Kubernetes?
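To make the points in the post concrete, here is a minimal set of Kubernetes manifests showing how DBPASS/DBROOT move into a Secret, how a service (phpfpm) reaches MySQL over TCP through a Service instead of a socket, how a liveness probe takes over the watchdog's role, and how a NetworkPolicy replaces netfilter rules. This is an added example and not Mailcow's own manifests or anything from the poster; the namespace `mailcow`, the labels `app=mysql` and `app=phpfpm`, the Secret name `mailcow-db`, the environment variable `DBHOST`, the image reference and the port 9000 for phpfpm are all assumptions for illustration.

```yaml
# Added example: not Mailcow project manifests. All names below
# (namespace, labels, Secret name, DBHOST, image, ports) are assumed.
apiVersion: v1
kind: Secret
metadata:
  name: mailcow-db
  namespace: mailcow
type: Opaque
stringData:
  DBPASS: "replace-me"   # placeholder, set from a real secret source at deploy time
  DBROOT: "replace-me"   # placeholder, never commit real values
---
# Service so clients find MySQL by DNS name instead of a node-local socket
apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: mailcow
spec:
  selector:
    app: mysql
  ports:
    - port: 3306
      targetPort: 3306
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: phpfpm
  namespace: mailcow
spec:
  replicas: 1
  selector:
    matchLabels:
      app: phpfpm
  template:
    metadata:
      labels:
        app: phpfpm
    spec:
      containers:
        - name: phpfpm
          image: phpfpm:placeholder        # assumed image reference
          env:
            - name: DBHOST                 # assumed variable; points at the Service (TCP, no socket)
              value: mysql.mailcow.svc.cluster.local
            - name: DBPASS                 # injected from the Secret, not from a config file
              valueFrom:
                secretKeyRef:
                  name: mailcow-db
                  key: DBPASS
          ports:
            - containerPort: 9000          # assumed php-fpm listener port
          livenessProbe:                   # kubelet restarts the container if this fails,
            tcpSocket:                     # taking over the watchdog's job
              port: 9000
            initialDelaySeconds: 15
            periodSeconds: 20
---
# Only phpfpm pods may reach MySQL on 3306; everything else is dropped
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mysql-ingress
  namespace: mailcow
spec:
  podSelector:
    matchLabels:
      app: mysql
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: phpfpm
      ports:
        - protocol: TCP
          port: 3306
```

Two caveats worth knowing before relying on this: a Secret is only base64-encoded in etcd unless the API server is configured with an EncryptionConfiguration (or an external KMS provider), so moving DBPASS into a Secret does not by itself protect it at rest; and a NetworkPolicy is only enforced when the CNI plugin supports it (Weave does), otherwise the object is accepted but has no effect. Selecting the `app=mysql` pods in a policy also means every other source is denied by default, so any further client (e.g. the ACME or watchdog replacement) needs its own `from` entry.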