helm chart: Installation with non privileged port as non root user #1438

@MartinKirchner

Describe the bug

If the helm chart is deployed to use a non-privileged port, Apache Answer writes the wrong port into the config file.

To Reproduce

Steps to reproduce the behavior:

  1. Deploy a MySQL database, create a database and a database user
  2. Create a Kubernetes secret: kubectl create secret generic answer-secrets --from-literal=db-user=apacheanswer --from-literal=db-password=... --from-literal=admin-user=... --from-literal=admin-password=... --from-literal=admin-email=...
  3. Prepare values.yaml:
# Overridden values for https://github.com/apache/answer/tree/main/charts

replicaCount: 1

# Environment variables
# Configure environment variables below
# https://answer.apache.org/docs/env
env:
  - name: INSTALL_PORT
    value: "8080"
  - name: LOG_LEVEL
    # [DEBUG INFO WARN ERROR]
    value: "INFO"
  # uncomment the below values to use AUTO_INSTALL and not have to go through the setup process.
  # Once used to do the initial setup, these variables won't be used moving forward.
  # You must at a minimum comment AUTO_INSTALL after initial setup to prevent an error about the database already being initiated.
  - name: AUTO_INSTALL
    value: "true"
  - name: DB_TYPE
    value: "mysql"
  - name: DB_HOST
    value: mysql
  - name: DB_NAME
    value: apacheanswer
  - name: DB_USERNAME
    valueFrom:
      secretKeyRef:
        name: answer-secrets
        key: db-user
  - name: DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: answer-secrets
        key: db-password
  - name: LANGUAGE
    value: "en-US"
  - name: SITE_NAME
    value: "The Unhandled Exception"
  - name: SITE_URL
    value: "https://example.org"
  - name: ADMIN_NAME
    valueFrom:
      secretKeyRef:
        name: answer-secrets
        key: admin-user
  - name: ADMIN_PASSWORD
    valueFrom:
      secretKeyRef:
        name: answer-secrets
        key: admin-password
  - name: ADMIN_EMAIL
    valueFrom:
      secretKeyRef:
        name: answer-secrets
        key: admin-email

# Persistence for the /data volume
# Without persistence, your uploads and config.yaml will not be remembered between restarts.
persistence:
  enabled: true
  accessMode: ReadWriteMany
  size: 50Gi

podSecurityContext:
  fsGroup: 1000

securityContext:
  capabilities:
    drop:
    - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000

service:
  # Switch to port 8080 as we are running as non-root
  port: 8080

ingress:
  enabled: true
  className: "haproxy"
  hosts:
    - host: example.org
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls: []

resources:
  requests:
    cpu: 1
    memory: 1Gi

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

  4. Deploy the chart: helm upgrade apache-answer chart/ -f values.yaml --install
  5. Open the WebUI via the configured ingress

Actual behavior

  • Pod generated an invalid config (using port 80 instead of the configured 8080)
  • Then the pod tries to restart
  • The pod ends in a crash loop

Generated config file

apache-answer-645c989c98-qv7pm:/# cat /data/conf/config.yaml 
debug: false
server:
  http:
    addr: 0.0.0.0:80
data:
  database:
    driver: mysql
    connection: user:password@tcp(mysql:3306)/apacheanswer
  cache:
    file_path: /data/cache/cache.db
i18n:
  bundle_dir: /data/i18n
service_config:
  upload_path: /data/uploads
  clean_up_uploads: true
  clean_orphan_uploads_period_hours: 48
  purge_deleted_files_period_days: 30
swaggerui:
  show: true
  protocol: http
  host: 127.0.0.1
  address: :80
ui:
  base_url: ""
  api_base_url: ""

Expected behavior

  • Config declares port 8080
server:
  http:
    addr: 0.0.0.0:8080
swaggerui:
  address: :8080
  • Apache Answer is configured correctly and starts properly.

Platform

  • Device: Kubernetes
  • OS: n/a
  • Browser and version: n/a
  • Version: v1.7.0
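
The mismatch reported above can be caught before the pod crash-loops by checking the generated config against the intended port. The script below is an added example, not part of the issue or of the Apache Answer chart; the function names `sample_config`, `config_ports` and `check_ports` are hypothetical, and the sample config is a trimmed copy of the one shown in the issue.

```shell
#!/bin/sh
# Added example (not part of the chart): compare the listen ports written to
# /data/conf/config.yaml with the port the deployment expects.

# Trimmed copy of the config shown in the issue; $1 is the port to render.
sample_config() {
  cat <<EOF
debug: false
server:
  http:
    addr: 0.0.0.0:$1
swaggerui:
  show: true
  host: 127.0.0.1
  address: :$1
EOF
}

# Print "<key> <port>" for server.http.addr and swaggerui.address.
config_ports() {
  awk '
    /^[A-Za-z_]/ { top = $1; sub(/:.*/, "", top) }
    top == "server"    && $1 == "addr:"    { n = split($2, a, ":"); print "server.http.addr", a[n] }
    top == "swaggerui" && $1 == "address:" { n = split($2, a, ":"); print "swaggerui.address", a[n] }
  ' "$1"
}

# check_ports CONFIG EXPECTED_PORT RUN_AS_UID -> 0 only if every port is usable.
check_ports() {
  cp_rc=0; cp_seen=0
  while read -r cp_key cp_port; do
    [ -n "$cp_key" ] || continue
    cp_seen=$((cp_seen + 1))
    if [ "$cp_port" != "$2" ]; then
      echo "MISMATCH $cp_key: port $cp_port, expected $2"; cp_rc=1
    fi
    # Assumes the Linux default: ports below 1024 need root or CAP_NET_BIND_SERVICE.
    if [ "$3" -ne 0 ] && [ "$cp_port" -lt 1024 ]; then
      echo "PRIVILEGED $cp_key: uid $3 cannot bind port $cp_port"; cp_rc=1
    fi
  done <<EOF
$(config_ports "$1")
EOF
  [ "$cp_seen" -eq 2 ] || { echo "MISSING: expected 2 listen addresses, found $cp_seen"; cp_rc=1; }
  return $cp_rc
}

# Demo: the config from the issue (port 80), then the expected one (8080).
demo_cfg=$(mktemp)
sample_config 80 > "$demo_cfg";   check_ports "$demo_cfg" 8080 1000 || echo "=> pod would fail to start"
sample_config 8080 > "$demo_cfg"; check_ports "$demo_cfg" 8080 1000 && echo "=> ports consistent"
rm -f "$demo_cfg"
```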
