New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
upgrading to 1.8 broke Service backwards compatibility by not allowing the same target port multiple times #53526
Comments
/kind bug /area api |
Sounds reasonable. @thockin WDYT? |
@kubernetes/sig-network-api-reviews |
Hi, same problem here. Trying to create a service with helm, both 80 and 443 ports using same targetPort, and got this error:
$ kubectl version |
Feels reasonable, and it seems this is impacting enough people to warrant reverting the original change. @thockin WDYT? |
Given Service objects are |
/assign |
For the one looking for a temporary way to fix it you have to mix named port with value, see below:
|
This seems to be the PR that shipped this. Why would we want to validate that there are no duplicate target ports anyway? There should be plenty of IP addresses free inside the cluster IP ranges on most clusters (or you have a different problem on your hands) and there are plenty of high-range ports free for the NodePort type. The NAT path through the node should be safe. I'm not sure why this validation is needed. It seems perfectly safe and sane to me. Plus this is a pretty severe breaking change for the ingress-nginx sidecar for pods. |
Automatic merge from submit-queue (batch tested with PRs 54826, 53576, 55591, 54946, 54825). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Revert "Validate if service has duplicate targetPort" **What this PR does / why we need it**: Services allow duplicate targetPort. This reverts commit ce54d90. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #53526 **Special notes for your reviewer**: /cc @thockin @jhorwit2 **Release note**: ```release-note NONE ```
Is this a BUG REPORT or FEATURE REQUEST?:
/kind bug
/sig api
/sig network
What happened:
Prior to 1.8 it was possible to specify the same targetPort in the service definition multiple times. In 1.8, validation was added that prohibited this.
What you expected to happen:
I expect backwards compatibility for GA resources, so having the same targetPort multiple times should be allowed. This is a valid use case IMO for target ports. If you take the example below, the load balancer terminates SSL, so that manifest allows the nginx pods to receive http on port 80 while the load balancer serves traffic on 80 & 443.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Original ticket for validation: #47222
The text was updated successfully, but these errors were encountered: