[mailhog] Add extraPorts in Service and extraContainers in Deployment

[jullianow]

When deploying the mailhog graph using ingress GCE the health check of Google's Load Balancer fails to succeed if the service is configured with basic auth.

This is because the health check is not able to set authentication parameters so that a request gets a return code of 200.
Also, even though there is an smtp port, the load balancer health check only has the ability to communicate via HTTP, HTTPS and HTTP2 protocol.
Reference: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#direct_health

Therefore, the purpose of this change is to give the ability to add an extra container to be used only as a route for the Load Balancer life check to work, at the same time that mailhog basic authentication is enabled.

Signed-off-by: Julliano Goncalves jullianow@gmail.com

[grieshaber]

@jullianow thanks for the PR. Will be release friday afternoon as a new feature release.

[jullianow]

@grieshaber Very good.

[jullianow]

@grieshaber I'm sending the message in this thread because it has to do with it.

Do you think a PR adding a route (E.g. /health) to the Mailhog service makes sense?
This route would not have configuration for basic authentication, so it could be used in the Ingress GCE health check.

That's because, even adding a specific container to be used in the health check (as I described in this PR) is not enough.
Google tries to ensure that all ports exposed by Ingress are returning 200, and therein lies the problem.
When Mailhog has basic authentication, the check fails.

[grieshaber]

@jullianow tbh i'm not very familiar with the GCE native Load-Balancer stuff.
From the docs you mentioned, i see that the LB uses some defaults for the health check. But, alternativly, you can specify a backendService CR yourself that will be used for your Service and customize the healthcheck to point to your extra port:

apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: http-hc-config
spec:
  healthCheck:
    checkIntervalSec: 15
    port: 15020
    type: HTTPS
    requestPath: /healthz

It's not ideal, bc you need to handle the additional ressource though..

But, to understand you 2nd proposal further:
You want to add a valid /health endpoint to mailhog itself and use this for the readnessProbe (which google will then use aswell)?

[jullianow]

Yes, it is possible to do what you are talking about.
But the problem is that I can define which backendconfig should be used for a port.
But the point is that the BackendConfig (either mine or the default that exists naturally) it validates all ports that are specified in Ingress (which is the image I sent).

That is, this suggestion of yours was exactly what I did and that I verified that it doesn't work (after seeing the information block of the official documentation).

But, to understand you 2nd proposal further:
You want to add a valid /health endpoint to mailhog itself and use this for the readnessProbe (which google will then use aswell)?

Perfect. And this route will not suffer from the basic authentication configuration (The pod's readnessProbe would not change (it can remain as is).
So I can have a BackendConfig where the healthCheck will have a requestPath for this route and everything will work.