NodePort value conflict between services

[pamiel]

Dear community,

On chart v0.6.0, when setting the service.type to NodePort and specifying a service.nodePort value, then the following error is raised when trying to deploy using Helm:

Error: release vault failed, and has been uninstalled due to atomic being set: Service "vault" is invalid: spec.ports[0].nodePort: Invalid value: 32445: provided port is already allocated

This is due to the fact that the single service.nodePort value is used in both the vault (server-service.yaml file), vault-active(server-ha-active-service.yaml file) and vault-standby (server-ha-standby-service.yaml file) services.
We should rather have different nodePort values, one per service.

Note that if service.type is set to NodePort but no service.nodePort value is set, then things are working correctly and a random nodePort is allocated to each service.

[sbaier1]

this is still the case and it's pretty inconvenient when trying to deploy vault in a HA setup with a static NodePort (for example to link vault using an existing load balancer in front)

[scottrbaxter]

for example to link vault using an existing load balancer in front

Agreed, I feel like this would be a very common practice for vault clusters. Anyone with a HA cluster in Kubernetes that also needs their company to access the UI via browser are stuck on vault-helm <v0.6.0, or am I missing something here? What's the way forward for users deploying this chart that want to use an existing load balancer?

[mikearruda]

Any update on this one?

[shayfisher]

Just wondering - if one uses nodePort to access vault - the only service one should care about is vault-active isn't it?
I'm thinking on a PR to make this service use the supplied value and let the others select randomly.
Anyone has a different use-case where they access the standby by nodePort?

[pamiel]

Hi @shayfisher ,
That was a good idea, but I think that the "vault-ui" service is also eligible to have a NodePort. So unfortunately, 2 Services ("vault-active" and "vault-ui") for one single nodePort value... :(

[shayfisher]

@pamiel
UI uses : Values.ui.serviceNodePort
While service uses: Values.server.service.nodePort
So one could set two different values and there will be no port collision.
This should work IMHO

[pamiel]

Oh, yes sorry, my mistake !! This is a different value for this nodePort of the UI !!

[mikearruda]

@pamiel
UI uses : Values.ui.serviceNodePort
While service uses: Values.server.service.nodePort
So one could set two different values and there will be no port collision.
This should work IMHO

This doesn't work when deploying in HA mode since server-service, server-ha-standby-service, and server-ha-active-service all use the same node port value

[shayfisher]

@mikearruda You are correct, this is why my PR picks a random port for the standby.
@jasonodonnell suggested to give the user the option to decide which port to use for the standby svc - I will make the changes accordingly.

[swenson]

I believe this was fixed in #610