Varnish: Change default port from 80 to 8080. (#97)

The port 8080 is a "standard" HTTP port for applications running inside
a private infrastructure. As the default HTTP port (80) is a system port
, it is not possible to restrain permissions through the securityContext
and drop rootUser out-of-the-box. This will result in a permission error
while trying to create a socket on port 80.

This commit intends to fix this and make the application of the securityContext
(required in most if not every production clusters) a lot more simple.

chart/templates/deployment.yaml

@@ -58,6 +58,7 @@ spec:
           - -admin-port=6083
           - -signaller-enable
           - -signaller-port=8090
+          - -frontend-port={{ .Values.service.target }}
           {{- if .Values.cache.frontendWatch }}
           - -frontend-watch
           {{- else }}

chart/templates/statefulset.yaml

@@ -51,6 +51,7 @@ spec:
           - -admin-port=6083
           - -signaller-enable
           - -signaller-port=8090
+          - -frontend-port={{ .Values.service.target }}
           {{- if .Values.cache.frontendWatch }}
           - -frontend-watch
           {{- else }}

chart/values.yaml

@@ -160,7 +160,7 @@ exporter:
 service:
   type: ClusterIP
   port: 80
-  target: 80
+  target: 8080
 
 ingress:
   enabled: false

cmd/kube-httpcache/internal/flags.go

@@ -64,7 +64,7 @@ func (f *KubeHTTPProxyFlags) Parse() error {
 	flag.StringVar(&f.Kubernetes.RetryBackoffString, "retry-backoff", "30s", "backoff for Kubernetes API reconnection attempts")
 
 	flag.StringVar(&f.Frontend.Address, "frontend-addr", "0.0.0.0", "TCP address to listen on")
-	flag.IntVar(&f.Frontend.Port, "frontend-port", 80, "TCP port to listen on")
+	flag.IntVar(&f.Frontend.Port, "frontend-port", 8080, "TCP port to listen on")
 
 	flag.BoolVar(&f.Frontend.Watch, "frontend-watch", false, "watch for Kubernetes frontend updates")
 	flag.StringVar(&f.Frontend.Namespace, "frontend-namespace", "", "name of Kubernetes frontend namespace")