Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: change default readiness probe port #1122

Merged
merged 1 commit into from
Mar 5, 2025

Conversation

flavio
Copy link
Member

@flavio flavio commented Mar 5, 2025

The default value used by by readiness probe http server must be different from the one used to expose the validation endpoints. Having the same port causes the process to fail because two webservers are trying to bind to the same port.

Port 3000 is still used by default to expose the actual validation endpoints, while port 8081 is used to expose the readiness probe endpoint.

By default the Policy Server does not enforce TLS on its main port, because of that using a default value of 8443 instead of 3000 would lead to some confusion (assuming https has to be used instead of http).

To be honest, this is not relevant for the Kubewarden stack, since the kubewarden-controller has always been tuning the PolicyServer deployment to use port 8443. This is more useful for developers and for users that run Policy Server outside of Kubernetes.

Fixes #1117

The default value used by by readiness probe http server must be
different from the one used to expose the validation endpoints. Having
the same port causes the process to fail because two webservers are
trying to bind to the same port.

Port 3000 is still used by default to expose the actual validation
endpoints, while port 8081 is used to expose the readiness probe
endpoint.

By default the Policy Server does not enforce TLS on its main port,
because of that using a default value of 8443 instead of 3000 would lead
to some confusion (assuming https has to be used instead of http).

To be honest, this is not relevant for the Kubewarden stack, since the
kubewarden-controller has always been tuning the PolicyServer
deployment to use port 8443. This is more useful for developers and for
users that run Policy Server outside of Kubernetes.

Fixes kubewarden#1117

Signed-off-by: Flavio Castelli <fcastelli@suse.com>
@flavio flavio requested a review from a team as a code owner March 5, 2025 09:17
Copy link

codecov bot commented Mar 5, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 60.63%. Comparing base (1bb4378) to head (c7abc5a).
Report is 7 commits behind head on main.

Additional details and impacted files
@@             Coverage Diff             @@
##             main    #1122       +/-   ##
===========================================
+ Coverage   33.42%   60.63%   +27.21%     
===========================================
  Files          17       18        +1     
  Lines        1152     1189       +37     
===========================================
+ Hits          385      721      +336     
+ Misses        767      468      -299     
Flag Coverage Δ
integration-tests 55.56% <ø> (?)
unit-tests 33.42% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@flavio flavio merged commit b002837 into kubewarden:main Mar 5, 2025
14 checks passed
@flavio flavio deleted the change-default-readiness-probe-port branch March 5, 2025 13:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

Readiness probe endpoint and /audit, /validate share the same default port
3 participants