Skip to content

Commit c7abc5a

Browse files
committed
fix: change default readiness probe port
The default value used by by readiness probe http server must be different from the one used to expose the validation endpoints. Having the same port causes the process to fail because two webservers are trying to bind to the same port. Port 3000 is still used by default to expose the actual validation endpoints, while port 8081 is used to expose the readiness probe endpoint. By default the Policy Server does not enforce TLS on its main port, because of that using a default value of 8443 instead of 3000 would lead to some confusion (assuming https has to be used instead of http). To be honest, this is not relevant for the Kubewarden stack, since the kubewarden-controller has always been tuning the PolicyServer deployment to use port 8443. This is more useful for developers and for users that run Policy Server outside of Kubernetes. Fixes #1117 Signed-off-by: Flavio Castelli <fcastelli@suse.com>
1 parent 1bb4378 commit c7abc5a

File tree

3 files changed

+7
-2
lines changed

3 files changed

+7
-2
lines changed

Dockerfile

+5
Original file line numberDiff line numberDiff line change
@@ -50,5 +50,10 @@ COPY --from=cfg /etc/passwd /etc/passwd
5050
COPY --from=cfg /etc/group /etc/group
5151
COPY ./Cargo.lock /Cargo.lock
5252
USER 65533:65533
53+
# Default port, should be used when tls is not enabled
5354
EXPOSE 3000
55+
# Readiness probe port, always http
56+
EXPOSE 8081
57+
# To be used when tls is enabled
58+
EXPOSE 8443
5459
ENTRYPOINT ["/policy-server"]

cli-docs.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ This document contains the help content for the `policy-server` command-line pro
6464
Default value: `3000`
6565
* `--readiness-probe-port <READINESS_PROBE_PORT>` — Expose readiness endpoint on READINESS_PROBE_PORT
6666

67-
Default value: `3000`
67+
Default value: `8081`
6868
* `--sigstore-cache-dir <SIGSTORE_CACHE_DIR>` — Directory used to cache sigstore data
6969

7070
Default value: `sigstore-data`

src/cli.rs

+1-1
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ pub(crate) fn build_cli() -> Command {
7171
Arg::new("readiness-probe-port")
7272
.long("readiness-probe-port")
7373
.value_name("READINESS_PROBE_PORT")
74-
.default_value("3000")
74+
.default_value("8081")
7575
.env("KUBEWARDEN_READINESS_PROBE_PORT")
7676
.help("Expose readiness endpoint on READINESS_PROBE_PORT"),
7777

0 commit comments

Comments
 (0)