MAJOR: change http and https default ports to 8080 and 8443
with new s6 we completely move to rootless container setup, therefore binding to 80 and 443 is not possible nor desired by default.

if you are using external mode or nodePort setup this needs to be aligned
oktalz committed Feb 12, 2024
1 parent 67db961 commit e54beae
Showing 11 changed files with 28 additions and 20 deletions.
4 changes: 4 additions & 0 deletions deploy/haproxy-ingress-daemonset.yaml
Expand Up @@ -152,13 +152,17 @@ spec:
args:
- --configmap=haproxy-controller/haproxy-kubernetes-ingress
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
runAsUser: 1000
runAsGroup: 1000
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
seccompProfile:
type: RuntimeDefault
resources:
limits:
memory: 2560Mi
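Review bot: `add: - NET_BIND_SERVICE` under `capabilities` is kept even though this commit moves the default bind ports to 8080 and 8443, which an unprivileged process can bind without that capability. Since the commit message says binding to 80 and 443 is no longer desired by default, consider shipping only `drop: - ALL` here and documenting that users who set `--http-bind-port` or `--https-bind-port` below 1024 have to add the capability back themselves.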
4 changes: 4 additions & 0 deletions deploy/haproxy-ingress.yaml
Expand Up @@ -153,13 +153,17 @@ spec:
args:
- --configmap=haproxy-controller/haproxy-kubernetes-ingress
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
runAsUser: 1000
runAsGroup: 1000
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
seccompProfile:
type: RuntimeDefault
resources:
limits:
memory: 2560Mi
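Review bot: this file shows 4 additions and 0 deletions, so only the `securityContext` block changes; any `containerPort`, probe or Service `targetPort` values elsewhere in this manifest that still say 80 or 443 would no longer match the new 8080/8443 defaults. Please confirm they are aligned (the same applies to `deploy/haproxy-ingress-daemonset.yaml`), or pass the bind ports explicitly in `args` next to `--configmap=haproxy-controller/haproxy-kubernetes-ingress` so the manifest does not depend on the compiled-in default.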
8 changes: 4 additions & 4 deletions deploy/tests/config/3.ingress-controller.yaml
Expand Up @@ -80,13 +80,13 @@ spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
port: 8080
targetPort: 8080
nodePort: 30080
protocol: TCP
- name: https
port: 443
targetPort: 443
port: 8443
targetPort: 8443
nodePort: 30443
protocol: TCP
- name: stat
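Review bot: in the `http` and `https` entries both `port` and `targetPort` change, although only `targetPort` has to follow the controller's new bind port. The `documentation/custom-resources.md` example in this same commit keeps `port: 443` with `targetPort: 8443`; doing the same here (`port: 80` with `targetPort: 8080`, `port: 443` with `targetPort: 8443`) would keep the Service's own port stable for anything that addresses it inside the cluster and keep the two examples consistent.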
Expand Up @@ -132,7 +132,7 @@ func newAppSvc() *store.Service {
{
Name: "https",
Protocol: "TCP",
Port: 443,
Port: 8443,
Status: store.ADDED,
},
},
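Review bot: `newAppSvc()` appears to build a backend application Service for the test, while the commit message is about the controller's own bind ports. If the `https` port of this fixture is not tied to `--https-bind-port`, `Port: 443` could stay as it was; if it is tied to it, a short comment explaining why the fixture has to track the default would help the next reader. The same question applies to the identical change in `deploy/tests/tnr/routeacl/suite_test.go`.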
2 changes: 1 addition & 1 deletion deploy/tests/tnr/routeacl/suite_test.go
Expand Up @@ -154,7 +154,7 @@ func (suite *UseBackendSuite) UseBackendFixture() (eventChan chan k8s.SyncDataEv
{
Name: "https",
Protocol: "TCP",
Port: 443,
Port: 8443,
Status: store.ADDED,
},
},
2 changes: 1 addition & 1 deletion documentation/annotations.md
Expand Up @@ -74,7 +74,7 @@ This is autogenerated from [doc.yaml](doc.yaml). Description can be found in [ge
| [ssl-passthrough](#https) | [bool](#bool) | "false" | |:large_blue_circle:|:large_blue_circle:|:large_blue_circle:|
| [ssl-redirect](#https) | [bool](#bool) | "false" | https |:large_blue_circle:|:large_blue_circle:|:white_circle:|
| [ssl-redirect-code](#https) | [301, 302, 303] | "302" | ssl-redirect |:large_blue_circle:|:large_blue_circle:|:white_circle:|
| [ssl-redirect-port](#https) | number | 443 | ssl-redirect |:large_blue_circle:|:large_blue_circle:|:white_circle:|
| [ssl-redirect-port](#https) | number | 8443 | ssl-redirect |:large_blue_circle:|:large_blue_circle:|:white_circle:|
| [syslog-server](#logging) | [syslog](#syslog-fields) | "address:127.0.0.1, facility: local0, level: notice" | |:large_blue_circle:|:white_circle:|:white_circle:|
| [standalone-backend](#standalone-backend) | [bool](#bool) | | |:white_circle:|:large_blue_circle:|:large_blue_circle:|
| [timeout-check](#timeouts) | [time](#time) | | |:large_blue_circle:|:large_blue_circle:|:large_blue_circle:|
8 changes: 4 additions & 4 deletions documentation/controller.md
Expand Up @@ -28,8 +28,8 @@ Image can be run with arguments:
| [`--disable-ipv6`](#--disable-ipv6) | `false` |
| [`--ipv4-bind-address`](#--ipv4-bind-address) | `0.0.0.0` |
| [`--ipv6-bind-address`](#--ipv6-bind-address) | `::` |
| [`--http-bind-port`](#--http-bind-port) | `80` |
| [`--https-bind-port`](#--https-bind-port) | `443` |
| [`--http-bind-port`](#--http-bind-port) | `8080` |
| [`--https-bind-port`](#--https-bind-port) | `8443` |
| [`--disable-http`](#--disable-http) | `false` |
| [`--disable-https`](#--disable-https) | `false` |
| [`--sync-period`](#--sync-period) | `5s` |
Expand Down Expand Up @@ -478,7 +478,7 @@ Example:

Possible values:

- A valid port in the range. Default: 80
- A valid port in the range. Default: 8080

Example:

Expand All @@ -496,7 +496,7 @@ Example:

Possible values:

- A valid port in the range. Default: 443
- A valid port in the range. Default: 8443

Example:

2 changes: 1 addition & 1 deletion documentation/custom-resources.md
Expand Up @@ -165,5 +165,5 @@ spec:
- protocol: TCP
port: 443
name: https
targetPort: 443
targetPort: 8443
```
10 changes: 5 additions & 5 deletions documentation/doc.yaml
Expand Up @@ -241,8 +241,8 @@ image_arguments:
- argument: --http-bind-port
description: Customize the HTTP frontend binding port.
values:
- "A valid port in the range. Default: 80"
default: 80
- "A valid port in the range. Default: 8080"
default: 8080
version_min: "1.5"
example: --http-bind-port=8080
helm: |-
Expand All @@ -251,8 +251,8 @@ image_arguments:
- argument: --https-bind-port
description: Customize the HTTPS frontend binding port.
values:
- "A valid port in the range. Default: 443"
default: 443
- "A valid port in the range. Default: 8443"
default: 8443
version_min: "1.5"
example: --http-bind-port=8443
helm: |-
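Review bot: under `argument: --https-bind-port` the unchanged line `example: --http-bind-port=8443` names the HTTP flag; since this block is being touched anyway, fix it to `--https-bind-port=8443`. With the new defaults, both examples (`--http-bind-port=8080` in the previous hunk and this one) now only restate the default, so a non-default value would be more useful. The `values` text could also say what "the range" is and that a port below 1024 needs `NET_BIND_SERVICE` in the rootless setup.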
Expand Down Expand Up @@ -1605,7 +1605,7 @@ annotations:
type: number
group: https
dependencies: ssl-redirect
default: "443"
default: "8443"
description:
- Sets the HTTPS port to redirect to when HTTP to HTTPS traffic redirection is enabled when `ssl-redirect` is true.
tip:
2 changes: 1 addition & 1 deletion pkg/annotations/common/main.go
Expand Up @@ -56,7 +56,7 @@ var DefaultValues = map[string]string{
"request-capture-len": "128",
"ssl-redirect-code": "302",
"request-redirect-code": "302",
"ssl-redirect-port": "443",
"ssl-redirect-port": "8443",
"ssl-passthrough": "false",
"server-ssl": "false",
"scale-server-slots": "42",
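Review bot: `"ssl-redirect-port": "8443"` changes the port that clients are sent to by the HTTP to HTTPS redirect, which is not the same thing as the port the container binds. Behind a Service that maps 443 to 8443, as the `documentation/custom-resources.md` example in this commit does with `port: 443` and `targetPort: 8443`, a redirect to 8443 would point clients at a port that is not published. Consider keeping `"443"` here or deriving the default from the externally published port, and state in the annotation docs when users must set `ssl-redirect-port` themselves. Nothing in this hunk ties the literal to the `https-bind-port` default in `pkg/utils/flags.go`, so the two can drift apart.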
4 changes: 2 additions & 2 deletions pkg/utils/flags.go
Expand Up @@ -90,8 +90,8 @@ type OSArgs struct {
DefaultBackendPort int `long:"default-backend-port" description:"port to use for default service" default:"6061"`
ChannelSize int64 `long:"channel-size" description:"sets the size of controller buffers used to receive and send k8s events.NOTE: increase the value to accommodate large number of resources "`
ControllerPort int `long:"controller-port" description:"port to listen on for controller data: prometheus, pprof" default:"6060"`
HTTPBindPort int64 `long:"http-bind-port" default:"80" description:"port to listen on for HTTP traffic"`
HTTPSBindPort int64 `long:"https-bind-port" default:"443" description:"port to listen on for HTTPS traffic"`
HTTPBindPort int64 `long:"http-bind-port" default:"8080" description:"port to listen on for HTTP traffic"`
HTTPSBindPort int64 `long:"https-bind-port" default:"8443" description:"port to listen on for HTTPS traffic"`
SyncPeriod time.Duration `long:"sync-period" default:"5s" description:"Sets the period at which the controller syncs HAProxy configuration file"`
CacheResyncPeriod time.Duration `long:"cache-resync-period" default:"10m" description:"Sets the underlying Shared Informer resync period: resyncing controller with informers cache"`
HealthzBindPort int64 `long:"healthz-bind-port" default:"1042" description:"port to listen on for probes"`
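Review bot: the `description` strings on `HTTPBindPort` and `HTTPSBindPort` are unchanged, so `--help` gives no hint that a value below 1024 now depends on the `NET_BIND_SERVICE` capability in the rootless setup. Suggest extending them, for example "port to listen on for HTTP traffic (ports below 1024 require NET_BIND_SERVICE)". Because this is a breaking default for existing deployments, logging the effective bind ports at startup would also make a mismatched Service `targetPort` easier to spot.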