Port 9443 conflict #715

Closed
meetdpv opened this issue Feb 27, 2023 · 5 comments · Fixed by #717

meetdpv commented Feb 27, 2023

We see that capsule-webhook-service is using port 9443, which conflicts with other running services in the cluster. We tried changing the port in the webhook-service.yaml but it is throwing an error. We are able to install Capsule only when the port is 9443, so it looks like the port is hard-coded in the Capsule code.

Tested on current and previous version
chart: capsule-0.3.5
app version: 0.2.1

  1. How do we change the port 9443 for webhook-service? Can you please provide the details?
  2. Is it possible to provide the port as a configurable item in the Capsule installation?
@meetdpv meetdpv added blocked-needs-validation Issue need triage and validation bug Something isn't working labels Feb 27, 2023
@prometherion
Member

Hey, the 9443 port is used for the webhook HTTP calls required by Capsule and is a bit of a standard with Operators.

This port is exposed by the Capsule pods and not directly as a Service, which is backed by the 443 port.

May I ask you what's the error you're reporting, your Kubernetes platform, and the installation method? No problem for making it configurable, we just need first to replicate the error to properly address it.

@prometherion prometherion self-assigned this Feb 28, 2023
@jiten-kmar

We in the cluster cannot use 9443 as that is already in use by other applications. We want to know the process of how to get this on any other port, e.g. 9447, and get it up and running.

@aslafy-z
Contributor

I'm not sure about OP's specific issue, but IMHO this port should be configurable. My use case is private GKE clusters (configured with enable-aggregator-routing=true, see the first note of https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules). I already opened port 8443 for the control plane to contact Validating and Mutating in-cluster webhooks and I'd like to re-use this firewall rule instead of opening another port.

@jiten-kmar

I guess there is confusion around firewall vs other. It is not a firewall issue. Let me re-explain the issue:

  • As of now, Capsule runs on 9443.
  • We cannot run this on 9443 as other services are already running on it.
  • We want this to run on, say, 9447, for which we will allow the firewall to be opened up for the webhook.
  • The issue is that the code and all deployment files and images that come with Capsule all run on 9443.
  • Either we update the code locally, replace 9443 with 9447 and create a new image from your provided Dockerfile, or do you have any way by which we can use your provided Docker images to run on 9447?

@prometherion prometherion added enhancement New feature or request helm and removed bug Something isn't working blocked-needs-validation Issue need triage and validation labels Feb 28, 2023
@prometherion prometherion added this to the v0.3.0 milestone Feb 28, 2023
@prometherion
Member

prometherion commented Feb 28, 2023

Planning to release this feature for v0.2.3 to avoid waiting for v0.3.0.

Had the time to work on this 🙃
