Charts: [stable/nginx-ingress] containerPort setting isn't work in helm chart

Created on 7 Jun 2019 · 6Comments · Source: helm/charts

Hello guys!
Looks like containerPort directive doesn't work in helm chart.
I've set a strict PSP looked like this (so users won't run under root):

apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: mypsp
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'docker/default'
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
    - ALL
  allowedCapabilities:
  - NET_BIND_SERVICE
  volumes:
    - 'configMap'
    - 'emptyDir'
    - 'projected'
    - 'secret'
    - 'downwardAPI'
    - 'persistentVolumeClaim'

Then I've set this in my custom-values.yaml:

controller:
  # Configures the ports the nginx-controller listens on
  containerPort:
    http: 10080
    https: 10443

Then i've executed:
$ helm install stable/nginx-ingress --namespace test_ns --name test_nginx --tls --values=custom-values.yaml

It doesn't even set in Deployment until i make a chart copy and execute like this:
$ helm ./nginx-ingress --namespace test_ns --name test_nginx --tls --values=custom-values.yaml

Now I see this:
$ root@server:/# kubectl logs -l 'app=nginx-ingress' -f

W0607 18:06:38.955117       8 queue.go:130] requeuing initial-sync, err 
-------------------------------------------------------------------------------
Error: exit status 1
2019/06/07 18:06:38 [notice] 54#54: ModSecurity-nginx v1.0.0
nginx: the configuration file /tmp/nginx-cfg232993513 syntax is ok
2019/06/07 18:06:38 [emerg] 54#54: bind() to 0.0.0.0:80 failed (13: Permission denied)
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
nginx: configuration file /tmp/nginx-cfg232993513 test failed

Why still 80 port have seen?

lifecyclstale

Source

chrono2002

👍2

Most helpful comment

Port changing doesn't work at all. any solution?

silenceleaf on 30 Oct 2019

👍3

All 6 comments

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

stale[bot] on 7 Jul 2019

This issue is being automatically closed due to inactivity.

stale[bot] on 21 Jul 2019

Same problem. This issue should not being closed.

ingress values.yml file:

controller:
  hostNetwork: true
  containerPort:
    http: 9080
    https: 9443
  service:
    type: ClusterIP
    targetPorts:
      http: 9080
      https: 9443
    Ports:
      http: 9080
      https: 9443

Install

helm upgrade xw-ingress stable/nginx-ingress --install -f ./nginx-ingress-values.yaml

Check ports
Found the pod still listening on 80 and 443：

root@:~/nginx-ingress# kubectl -n nginx-ingress get pod,svc -o wide
NAME                                                            READY   STATUS    RESTARTS   AGE   IP              NODE                         NOMINATED NODE   READINESS GATES
pod/xw-ingress-nginx-ingress-controller-868f9f6f7c-6dsxm        1/1     Running   0          58m   10.67.12.92     jn.set01.app.k8s.ingress01   <none>           <none>
pod/xw-ingress-nginx-ingress-controller-868f9f6f7c-9g9w7        1/1     Running   0          58m   10.67.12.100    jn.set01.app.k8s.ingress02   <none>           <none>
pod/xw-ingress-nginx-ingress-default-backend-775b756f6c-zwl4g   1/1     Running   0          59m   172.18.205.14   jn.set01.app.k8s.ingress01   <none>           <none>

NAME                                                  TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE   SELECTOR
service/xw-ingress-nginx-ingress-controller           ClusterIP   172.18.240.0     <none>        80/TCP,443/TCP   59m   app=nginx-ingress,component=controller,release=xw-ingress
service/xw-ingress-nginx-ingress-controller-metrics   ClusterIP   172.18.247.108   <none>        9913/TCP         59m   app=nginx-ingress,component=controller,release=xw-ingress
service/xw-ingress-nginx-ingress-default-backend      ClusterIP   172.18.231.232   <none>        80/TCP           59m   app=nginx-ingress,component=default-backend,release=xw-ingress

telnet new port failed

root@~/nginx-ingress# telnet 10.67.12.92 9080
Trying 10.67.12.92...
telnet: connect to address 10.67.12.92: Connection refused

root@~/nginx-ingress# telnet 10.67.12.92 9443
Trying 10.67.12.92...
telnet: connect to address 10.67.12.92: Connection refused

root@~/nginx-ingress# telnet 10.67.12.92 80
Trying 10.67.12.92...
Connected to 10.67.12.92.
Escape character is '^]'.
^]
telnet> q
Connection closed.

root@~/nginx-ingress# telnet 10.67.12.92 443
Trying 10.67.12.92...
Connected to 10.67.12.92.
Escape character is '^]'.
^]
telnet> q
Connection closed.