
helm chart: Installation with non privileged port as non root user #1438

@MartinKirchner

Describe the bug

If the helm chart is deployed to use a non-privileged port, Apache Answer writes the wrong port into the config file.

To Reproduce

Steps to reproduce the behavior:

  1. Deploy a MySQL database, create a database and a database user
  2. Create a Kubernetes secret:

```
kubectl create secret generic answer-secrets --from-literal=db-user=apacheanswer --from-literal=db-password=... --from-literal=admin-user=... --from-literal=admin-password=... --from-literal=admin-email=...
```

  3. Prepare values.yaml:

```yaml
# Overridden values for https://github.com/apache/answer/tree/main/charts

replicaCount: 1

# Environment variables
# Configure environment variables below
# https://answer.apache.org/docs/env
env:
  - name: INSTALL_PORT
    value: "8080"
  - name: LOG_LEVEL
    # [DEBUG INFO WARN ERROR]
    value: "INFO"
  # uncomment the below values to use AUTO_INSTALL and not have to go through the setup process.
  # Once used to do the initial setup, these variables won't be used moving forward.
  # You must at a minimum comment AUTO_INSTALL after initial setup to prevent an error about the database already being initiated.
  - name: AUTO_INSTALL
    value: "true"
  - name: DB_TYPE
    value: "mysql"
  - name: DB_HOST
    value: mysql
  - name: DB_NAME
    value: apacheanswer
  - name: DB_USERNAME
    valueFrom:
      secretKeyRef:
        name: answer-secrets
        key: db-user
  - name: DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: answer-secrets
        key: db-password
  - name: LANGUAGE
    value: "en-US"
  - name: SITE_NAME
    value: "The Unhandled Exception"
  - name: SITE_URL
    value: "https://example.org"
  - name: ADMIN_NAME
    valueFrom:
      secretKeyRef:
        name: answer-secrets
        key: admin-user
  - name: ADMIN_PASSWORD
    valueFrom:
      secretKeyRef:
        name: answer-secrets
        key: admin-password
  - name: ADMIN_EMAIL
    valueFrom:
      secretKeyRef:
        name: answer-secrets
        key: admin-email

# Persistence for the /data volume
# Without persistence, your uploads and config.yaml will not be remembered between restarts.
persistence:
  enabled: true
  accessMode: ReadWriteMany
  size: 50Gi

podSecurityContext:
  fsGroup: 1000

securityContext:
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000

service:
  # Switch to port 8080 as we are running as non-root
  port: 8080

ingress:
  enabled: true
  className: "haproxy"
  hosts:
    - host: example.org
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls: []

resources:
  requests:
    cpu: 1
    memory: 1Gi

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80
```

  4. Deploy the chart: helm upgrade apache-answer chart/ -f values.yaml --install
  5. Open the WebUI via the configured ingress

Actual behavior

  • Pod generated an invalid config (using port 80 instead of the configured 8080)
  • Then the pod tries to restart
  • The pod ends in a crash loop

Generated config file

```
apache-answer-645c989c98-qv7pm:/# cat /data/conf/config.yaml
debug: false
server:
  http:
    addr: 0.0.0.0:80
data:
  database:
    driver: mysql
    connection: user:password@tcp(mysql:3306)/apacheanswer
  cache:
    file_path: /data/cache/cache.db
i18n:
  bundle_dir: /data/i18n
service_config:
  upload_path: /data/uploads
  clean_up_uploads: true
  clean_orphan_uploads_period_hours: 48
  purge_deleted_files_period_days: 30
swaggerui:
  show: true
  protocol: http
  host: 127.0.0.1
  address: :80
ui:
  base_url: ""
  api_base_url: ""
```

Expected behavior

  • Config declares port 8080

```yaml
server:
  http:
    addr: 0.0.0.0:8080
swaggerui:
  address: :8080
```

  • Apache Answer is configured correctly and starts properly.

Platform

  • Device: Kubernetes
  • OS: n/a
  • Browser and version: n/a
  • Version: v1.7.0
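
As an added example (not part of the issue or the chart), the shell functions below compare the listen ports in a generated config.yaml with the port the deployment expects, and flag ports below 1024, which by default on Linux a non-root process without NET_BIND_SERVICE cannot bind. The function names and the trimmed sample config are constructed for illustration.

```shell
# Added example: verify the listen ports Apache Answer wrote to config.yaml.

# Print "key port" for server.http.addr and swaggerui.address.
answer_config_ports() {
  awk '
    /^[^ #]/   { top = $1; sub(/:.*$/, "", top); sec = "" }
    /^  [^ #]/ { sec = $1; sub(/:.*$/, "", sec) }
    (top == "server" && sec == "http" && $1 == "addr:") ||
    (top == "swaggerui" && $1 == "address:") {
      gsub(/"/, "", $2); n = split($2, p, ":")
      print top "." (top == "server" ? "http.addr" : "address"), p[n]
    }' "$1"
}

# Return 0 only if both settings exist, equal WANT and are not below 1024.
check_answer_ports() {  # usage: check_answer_ports CONFIG WANT
  want=$2 rc=0 seen=0
  while read -r key port; do
    [ -n "$key" ] || continue
    seen=$((seen + 1))
    case $port in
      ''|*[!0-9]*) echo "INVALID $key: $port"; rc=1; continue ;;
    esac
    [ "$port" = "$want" ] || { echo "MISMATCH $key: $port, expected $want"; rc=1; }
    [ "$port" -ge 1024 ] || { echo "PRIVILEGED $key: $port is below 1024"; rc=1; }
  done <<EOF
$(answer_config_ports "$1")
EOF
  [ "$seen" -eq 2 ] || { echo "MISSING listen settings: found $seen of 2"; rc=1; }
  return "$rc"
}

# Constructed sample: listen-related keys of the config.yaml shown in the issue.
write_sample_config() {  # usage: write_sample_config PORT FILE
  cat > "$2" <<EOF
server:
  http:
    addr: 0.0.0.0:$1
swaggerui:
  show: true
  address: :$1
EOF
}

tmp=$(mktemp -d)
write_sample_config 80 "$tmp/generated.yaml"   # port the pod wrote
write_sample_config 8080 "$tmp/expected.yaml"  # port INSTALL_PORT asked for
check_answer_ports "$tmp/generated.yaml" 8080 || echo "generated.yaml: FAIL"
check_answer_ports "$tmp/expected.yaml" 8080 && echo "expected.yaml: OK"
rm -rf "$tmp"
```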
