Currently, ingress-nginx doesn't support TCP/UDP services due to Kubernetes limitations. The required workaround is to expose the TCP services (for example SMTP(S), IMAP(S)) to the internet through a Kubernetes Service of type LoadBalancer. This means inbound email needs to be sent to the address of this LoadBalancer Service, which serves the TCP traffic. This may mean the extra cost of an additional L4 load balancer. This is purely due to current Kubernetes limitations for TCP/UDP services and is not related to the Content Services Helm setup.
So, for example, if your Content Services Helm chart is enabled with inbound/outbound email in the domain *.example.com, then the service endpoints would be:
- myacs.example.com - for general Alfresco, Digital Workspace, and Share endpoints
- smtps-myacs.example.com - for sending emails to the Content Services SMTP(S) server (for example, ports 1125 (smtps) and 1144 (imaps))
It is recommended to enable TLS when configuring SMTP(S) and IMAP(S). If TLS is enabled for inbound email, the Helm chart expects the TLS certificate to exist as a Secret before the chart is installed. The secret name is passed as a parameter at chart installation for use by inbound email with TLS, and the repository creates the keystore and truststore from the provided SSL certificates.
For example, if your Content Services email server name is smtps-myacs.example.com and your SSL certificates (self-signed or signed) are cert.pem, fullchain.pem, and privkey.pem, run the following command to create a Kubernetes TLS secret:
kubectl create secret tls your-cert-secret --key privkey.pem --cert fullchain.pem --namespace=alfresco
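Before creating the secret, the certificate files can be checked locally against the inbound email host name. The script below is an added example, not part of the Alfresco chart or its documentation; `check_email_tls` is a hypothetical helper name, and it assumes the `openssl` CLI is installed and that the leaf certificate is the first PEM block in fullchain.pem.

```bash
# Added example: pre-flight check for the TLS files behind email.ssl.secretName.
# check_email_tls is a hypothetical helper, not something the chart provides.
# Usage: check_email_tls fullchain.pem privkey.pem smtps-myacs.example.com [days]
check_email_tls() {
  local cert="$1" key="$2" host="$3" days="${4:-30}"
  local cert_pub key_pub

  # openssl x509 reads only the first PEM block, which must be the leaf cert.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
    echo "FAIL: cannot parse certificate $cert" >&2; return 2; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
    echo "FAIL: cannot parse private key $key" >&2; return 2; }

  # 1. The certificate and the private key must form one key pair.
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: $key does not match the leaf certificate in $cert" >&2
    return 3
  fi

  # 2. The certificate must cover the inbound email host name
  #    (subjectAltName, or the CN when no DNS SAN is present).
  if ! openssl x509 -in "$cert" -noout -checkhost "$host" \
       | grep -q "does match certificate"; then
    echo "FAIL: certificate is not valid for $host" >&2
    return 4
  fi

  # 3. The certificate must still be valid $days days from now.
  if ! openssl x509 -in "$cert" -noout \
       -checkend $((days * 86400)) >/dev/null; then
    echo "FAIL: certificate expires within $days days" >&2
    return 5
  fi

  echo "OK: $cert matches $key, covers $host, valid for more than $days days"
}
```

The host name passed to the function should be the same value later given to `email.server.domain`, since that is the name mail clients will verify the certificate against.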
Deploy the latest version of Content Services Enterprise by running the command below (replace YOUR-DOMAIN-NAME with the hosted zone you created, and replace the email values accordingly). See the table of Configuration options for the full list of available options.
helm install acs alfresco/alfresco-content-services \
  --set externalPort="443" \
  --set externalProtocol="https" \
  --set externalHost="acs.YOUR-DOMAIN-NAME" \
  --set persistence.enabled=true \
  --set persistence.storageClass.enabled=true \
  --set persistence.storageClass.name="nfs-client" \
  --set global.alfrescoRegistryPullSecrets=quay-registry-secret \
  --set mail.host="smtp.gmail.com" \
  --set mail.from.default="some.user@gmail.com" \
  --set mail.username="some.user@gmail.com" \
  --set mail.password="somepassword" \
  --set mail.protocol=smtps \
  --set mail.smtp.auth=true \
  --set mail.smtps.auth=true \
  --set email.server.enabled=true \
  --set email.server.auth.enabled=true \
  --set email.server.enableTLS=true \
  --set email.server.domain=smtps-myacs.example.com \
  --set email.inbound.unknownUser="some.user@gmail.com" \
  --set email.ssl.secretName=your-cert-secret \
  --set imap.server.enabled=true \
  --set imap.server.imap.enabled=true \
  --set imap.server.imaps.enabled=true \
  --atomic \
  --timeout 10m0s \
  --namespace=alfresco