One of the more confusing aspects of rebuilding my Kubernetes cluster was determining how to send webmentiond emails with docker-postfix. I started by deploying the image as before, after verifying locally that it worked.

I added webmentiond, using my own chart but disabling the Traefik-based Ingress since I’m using Contour here. The default Envoy configuration—and by extension the default Contour configuration—doesn’t require any middleware for compression. Rate limiting seemed complicated until I realized I was looking at global rate limiting. Although I could easily have added local rate limiting, I ultimately chose to leave it out of my new route.

As I’ve mentioned before, I still had to manually add the IP addresses of the nodes in the cluster to the Google Workspace routing configuration due to the lack of a programmatic API. I wish Terraform could handle it. Perhaps something like Puppeteer would allow automating it, but it seems complicated, even assuming it were possible to log into the account without manual intervention.

I toyed with the idea of adding another detour in the form of a proxy with a static IP that postfix could route its connection through—perhaps a Droplet in a VPC with a Floating IP. Then I was struck by a better idea, which was to create a fixed number of Floating IPs outside Terraform, allow those in the Workspace, and have Terraform assign them to the nodes of the (fixed size) cluster upon creation. However, due to the dynamic nature of nodes in a cluster, this would be brittle and unreliable.

I would have preferred to build something like hcloud-ip-floater for DigitalOcean. While there were no specific Rust crates wrapping the REST API at the time, regular HTTP libraries are perfectly usable. Still, that would have required a non-negligible amount of effort. I postponed making a decision while I worked on other parts of the cluster.

Next in series: (#16 in The Death and Rebirth of a Cluster)