rewrite Kubernetes page

- re-structure the page (mainly introducing `===`) to enable users to
  switch easily between individual parts of this docs page
- rewrite the PROXY protocol parts
- add Traefik PROXY protocol example with deciated proxy-ports

docs/content/examples/tutorials/mailserver-behind-proxy.md

@@ -14,6 +14,8 @@ This reduces many of the benefits for why you might use a reverse proxy, but the
 
 Some deployments may require a service to route traffic (kubernetes) when deploying, in which case the below advice is important to understand well.
 
+We also provide a [dedicated documentation page][docs::kubernetes] for using a proxy in Kubernetes.
+
 ## What can go wrong?
 
 Without a reverse proxy involved, a service is typically aware of the client IP for a connection.
@@ -357,7 +359,6 @@ Software on the receiving end of the connection often supports configuring an IP
 
     A similar setting [`mynetworks`][postfix-docs::settings::mynetworks] / [`PERMIT_DOCKER`][docs::env::permit_docker] manages elevated trust for bypassing security restrictions. While it is intended for trusted clients, it has no relevance to trusting proxies for the same reasons.
 
-
 ### Monitoring
 
 While PROXY protocol works well with the reverse proxy, you may have some containers internally that interact with DMS on behalf of multiple clients.
@@ -373,6 +374,8 @@ While PROXY protocol works well with the reverse proxy, you may have some contai
 
     You should adjust configuration of these monitoring services to monitor for auth failures from those services directly instead, adding an exclusion for that service IP from any DMS logs monitored (_but be mindful of PROXY header forgery risks_).
 
+[docs::kubernetes]: ../../../config/advanced/kubernetes/#__tabbed_2_4
+
 [docs::overrides::dovecot]: ../../config/advanced/override-defaults/dovecot.md
 [docs::overrides::postfix]: ../../config/advanced/override-defaults/postfix.md
 [docs::overrides::user-patches]: ../../config/advanced/override-defaults/user-patches.md