Implement the ability to change the standard ports for LoadBalancer service

Summary

Currently, there appears to be no option in our nginx-chart to change LoadBalancer service ports as they are hardcoded:

https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/charts/nginx/templates/controller-service.yaml#L43
https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/charts/nginx/templates/controller-service.yaml#L52

We should be able to apply custom ports in order to access GitLab through a port other than 80/443.

Current implementation:

  ports:
    {{- if .Values.controller.service.enableHttp }}
    - name: http
      port: 80
      protocol: TCP
      targetPort: {{ .Values.controller.service.targetPorts.http }}
      {{- if (and (eq .Values.controller.service.type "NodePort") (not (empty .Values.controller.service.nodePorts.http))) }}
      nodePort: {{ .Values.controller.service.nodePorts.http }}
      {{- end }}
    {{- end }}
    {{- if .Values.controller.service.enableHttps }}
    - name: https
      port: 443
      protocol: TCP
      targetPort: {{ .Values.controller.service.targetPorts.https }}
      {{- if (and (eq .Values.controller.service.type "NodePort") (not (empty .Values.controller.service.nodePorts.https))) }}
      nodePort: {{ .Values.controller.service.nodePorts.https }}
      {{- end }}
    {{- end }}

Proposal to add port: {{ .Values.controller.service.ports.http }} and port: {{ .Values.controller.service.ports.https }} to the chart:

  ports:
    {{- if .Values.controller.service.enableHttp }}
    - name: http
      port: {{ .Values.controller.service.ports.http }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.targetPorts.http }}
      {{- if (and (eq .Values.controller.service.type "NodePort") (not (empty .Values.controller.service.nodePorts.http))) }}
      nodePort: {{ .Values.controller.service.nodePorts.http }}
      {{- end }}
    {{- end }}
    {{- if .Values.controller.service.enableHttps }}
    - name: https
      port: {{ .Values.controller.service.ports.https }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.targetPorts.https }}
      {{- if (and (eq .Values.controller.service.type "NodePort") (not (empty .Values.controller.service.nodePorts.https))) }}
      nodePort: {{ .Values.controller.service.nodePorts.https }}
      {{- end }}
    {{- end }}

I have tested the above configuration and it seems to work without issue:

nginx-ingress:
  enabled: true
  tcpExternalConfig: "true"
  controller:
    config:
      hsts-include-subdomains: "false"
      server-name-hash-bucket-size: "256"
      enable-vts-status: "true"
      use-http2: "false"
      ssl-ciphers: "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
      ssl-protocols: "TLSv1.3 TLSv1.2"
      server-tokens: "false"
    extraArgs:
      force-namespace-isolation: ""
    service:
      externalTrafficPolicy: "Local"
      enableHttp: true
      enableHttps: true
      ports:
        http: 7080
        https: 7443

juliuskvedaras@Juliuss-MBP:~/gitlab/chart$ kubectl get svc gitlab-nginx-ingress-controller
NAME                              TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)                                      AGE
gitlab-nginx-ingress-controller   LoadBalancer   10.75.2.123   11.181.203.45   7080:32617/TCP,7443:30143/TCP,22:30676/TCP   109m

Current behavior

There is no way to modify LoadBalancer service ports 80/443.

Expected behavior

We should be able to use custom LoadBalancer service ports.

Versions

  • Chart: gitlab-3.3.1
  • Kubernetes: 1.14
  • Helm: v3.1.2

Edited by Julius Kvedaras
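
Added example, not part of the original issue or of the chart: a check that the ports a deployed Service exposes match the ports set under controller.service.ports and that nothing else is listening on the load balancer. The JSON is a constructed sample modelled on the kubectl output above; the function name and the "ssh-constructed" port name are assumptions.

```python
import json

# Constructed sample: the part of `kubectl get svc gitlab-nginx-ingress-controller -o json`
# that corresponds to the PORT(S) column shown in the issue (other fields omitted).
SAMPLE_SERVICE_JSON = """
{
  "kind": "Service",
  "metadata": {"name": "gitlab-nginx-ingress-controller"},
  "spec": {
    "type": "LoadBalancer",
    "ports": [
      {"name": "http",  "port": 7080, "nodePort": 32617, "protocol": "TCP"},
      {"name": "https", "port": 7443, "nodePort": 30143, "protocol": "TCP"},
      {"name": "ssh-constructed", "port": 22, "nodePort": 30676, "protocol": "TCP"}
    ]
  }
}
"""

def check_service_ports(service, expected, allowed_extra=()):
    """Return a list of mismatches between a Service's ports and the chart values.

    expected      -- mapping of port name -> port, as set in controller.service.ports
    allowed_extra -- ports exposed on purpose outside that mapping (e.g. 22)
    """
    problems = []
    exposed = {p.get("name"): p["port"] for p in service["spec"]["ports"]}
    for name, want in expected.items():
        got = exposed.get(name)
        if got is None:
            problems.append(f"{name}: not exposed, expected {want}")
        elif got != want:
            problems.append(f"{name}: exposed on {got}, expected {want}")
    # Anything else reachable through the load balancer is unintended exposure.
    for name, port in exposed.items():
        if name not in expected and port not in allowed_extra:
            problems.append(f"{name}: unexpected port {port}")
    return problems

if __name__ == "__main__":
    svc = json.loads(SAMPLE_SERVICE_JSON)
    values_ports = {"http": 7080, "https": 7443}  # from the values shown in the issue
    for line in check_service_ports(svc, values_ports, allowed_extra={22}) or ["ok"]:
        print(line)
```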