Is it possible to change ports on apiext deployment?


https://github.com/emissary-ingress/emissary/blob/5f01e923a297182a08217b7651bfc1a77735391f/cmd/apiext/main.go#L54


context:

We are migrating Ambassador Edge Stack from 1.14 to 2.2, and this port is blocking the webhooks in an EKS cluster with Calico. I need to use hostNetwork for my webhooks due to Calico, and I need to choose a different port for the setup. If I use the raw deployments as-is from this tutorial: https://www.getambassador.io/docs/edge-stack/latest/topics/install/upgrade/yaml/edge-stack-1.14/edge-stack-2.2/ I get the following error:

kubectl -n ambassador logs -f aes-9598676c-56cv9

E0417 20:41:05.376019       1 reflector.go:138] pkg/kates/client.go:439: Failed to watch *unstructured.Unstructured: failed to list *unstructured.Unstructured: conversion webhook for getambassador.io/v2, Kind=Mapping failed: Post "https://emissary-apiext.emissary-system.svc:443/webhooks/crd-convert?timeout=30s": Address is not allowed

Issue Analytics

  • State:open
  • Created a year ago
  • Reactions:2
  • Comments:6 (1 by maintainers)

Top GitHub Comments

1 reaction
aspexdaniel commented, Oct 12, 2022

Hit the same issue with an EKS cluster & Calico. The main reason is mentioned on Calico’s website: https://projectcalico.docs.tigera.io/getting-started/kubernetes/managed-public-cloud/eks

Note: Calico networking cannot currently be installed on the EKS control plane nodes. As a result the control plane nodes will not be able to initiate network connections to Calico pods. (This is a general limitation of EKS’s custom networking support, not specific to Calico.) As a workaround, trusted pods that require control plane nodes to connect to them, such as those implementing admission controller webhooks, can include hostNetwork:true in their pod spec. See the Kubernetes API pod spec definition for more information on this setting.

Basically the only thing we can do is to use hostNetwork:true, then apiext by default will only use 8080, 8443 which obviously is not ideal. It should be configurable.

For reference, cert-manager has nice documentation exactly about this: https://cert-manager.io/docs/installation/compatibility/ and they provide a nice configurable value, webhook.securePort, in their Helm chart.

1 reaction
matdehaast commented, Jun 30, 2022

@cindymullins-dw the configuration is required so that when hostNetwork: true is chosen, we could choose the ports to use. Currently the ports 8080, 8443 could be taken up by another item on the host. By being able to configure it, we could set it ourselves if there are conflicts.

I’m happy to create a PR for this. I’m just not sure how best to set the values? ENV variables seem the easiest.
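One way to implement the environment-variable approach suggested in the comment above, as an added example that is not Emissary's code or part of the original thread. The variable names `APIEXT_HTTP_PORT` and `APIEXT_HTTPS_PORT` are hypothetical; the defaults are the 8080 and 8443 mentioned in the comments.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"strconv"
)

// portFromEnv returns the port held in the named variable, or def when it is unset.
func portFromEnv(getenv func(string) string, name string, def int) (int, error) {
	raw := getenv(name)
	if raw == "" {
		return def, nil
	}
	if p, err := strconv.Atoi(raw); err == nil && p >= 1 && p <= 65535 {
		return p, nil
	}
	return 0, fmt.Errorf("%s=%q is not a valid TCP port", name, raw)
}

// resolvePorts reads both ports; the variable names are hypothetical (assumption), the defaults come from the thread.
func resolvePorts(getenv func(string) string) (httpPort, httpsPort int, err error) {
	if httpPort, err = portFromEnv(getenv, "APIEXT_HTTP_PORT", 8080); err == nil {
		httpsPort, err = portFromEnv(getenv, "APIEXT_HTTPS_PORT", 8443)
	}
	if err == nil && httpPort == httpsPort {
		err = fmt.Errorf("HTTP and HTTPS ports must differ (both %d)", httpPort)
	}
	return httpPort, httpsPort, err
}

// portFree reports whether the port can be bound; under hostNetwork: true that is the node's own port space.
func portFree(port int) bool {
	l, err := net.Listen("tcp", fmt.Sprintf(":%d", port))
	if err == nil {
		l.Close()
	}
	return err == nil
}

func main() {
	h, s, err := resolvePorts(os.Getenv)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("http=%d free=%v, https=%d free=%v\n", h, portFree(h), s, portFree(s))
}
```

Failing at startup on an invalid or duplicate port gives a clear error in the pod log, where a silent fallback would leave the webhook Service pointing at the wrong port.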
