muhlba91 / external-dns-provider-adguard

External DNS webhook provider for Adguard
Apache License 2.0
24 stars 2 forks

Expose /healthz on a different port to allow binding SERVER_HOST to localhost #131

Open Skaronator opened 15 hours ago

Skaronator commented 15 hours ago

By design, the external-dns webhook implementation expects that the webhook is available on port 8888. For security reasons, this port should be bound only to localhost to avoid access from other pods.

This will result in the kubelet not being able to reach /healthz on port 8888. Therefore it would make sense to expose /healthz on port 8080 to be compatible with the official helm chart.

Here is the ref from the official docs:

The default recommended port is 8888, and should listen only on localhost (ie: only accessible for k8s probes and external-dns).

https://kubernetes-sigs.github.io/external-dns/latest/docs/tutorials/webhook-provider/#implementation-requirements

Additionally:

The metrics should listen “:8080” on /metrics following Open Metrics format.

https://kubernetes-sigs.github.io/external-dns/latest/docs/tutorials/webhook-provider/#metrics-support

Background: As of now, this provider is incompatible with the external-dns helm chart. I did raise an issue to potentially fix this incompatibility, but the non-compatible helm-chart is by design. Hence, this provider needs to be adapted. https://github.com/kubernetes-sigs/external-dns/issues/4764#issuecomment-2387739526
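The split described in this issue (webhook API on localhost:8888 for the external-dns sidecar only, /healthz and /metrics on a separate port the kubelet can reach), as an added example that is not code from this issue or from external-dns-provider-adguard. It assumes a standard-library-only Go server: the `WEBHOOK_ADDR` environment variable, the `IsLoopback` guard, the placeholder `/records` body and the hand-written metrics line are all assumptions for illustration, not the project's own configuration or API.

```go
package main

import (
	"context"
	"errors"
	"log"
	"net"
	"net/http"
	"os"
	"os/signal"
	"time"
)

// Bind addresses following the external-dns webhook docs quoted in the issue.
// The webhook API is for the external-dns sidecar in the same pod, so it stays
// on loopback; probes and metrics go on a separate non-loopback port the
// kubelet can reach. Both values are assumptions for this example.
const (
	defaultWebhookAddr = "127.0.0.1:8888"
	defaultExposedAddr = "0.0.0.0:8080"
)

// IsLoopback reports whether host:port binds only to a loopback interface.
// "localhost" is accepted as well as 127.0.0.0/8 and ::1; ":8888" (all
// interfaces) and any non-loopback IP are rejected.
func IsLoopback(addr string) bool {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return false
	}
	if host == "localhost" {
		return true
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsLoopback()
}

// WebhookMux serves only the provider API. Deliberately no /healthz here:
// nothing outside the pod is supposed to reach this port.
func WebhookMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/records", func(w http.ResponseWriter, r *http.Request) {
		// Placeholder body (assumption); a real provider returns its endpoint list.
		w.Header().Set("Content-Type", "application/json")
		_, _ = w.Write([]byte("[]"))
	})
	return mux
}

// ExposedMux serves /healthz for kubelet probes and /metrics for scraping.
// healthy is the provider's own readiness check (assumed, e.g. AdGuard reachable).
func ExposedMux(healthy func() bool) *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
		if !healthy() {
			http.Error(w, "unhealthy", http.StatusServiceUnavailable)
			return
		}
		_, _ = w.Write([]byte("ok"))
	})
	mux.HandleFunc("/metrics", func(w http.ResponseWriter, r *http.Request) {
		// Minimal Prometheus text exposition; promhttp.Handler() would normally
		// sit here, omitted to keep the example standard-library only.
		w.Header().Set("Content-Type", "text/plain; version=0.0.4")
		_, _ = w.Write([]byte("# TYPE webhook_up gauge\nwebhook_up 1\n"))
	})
	return mux
}

// NewServers builds both listeners and refuses a webhook address that is not
// loopback, which is the exposure the issue warns about.
func NewServers(webhookAddr, exposedAddr string, healthy func() bool) (*http.Server, *http.Server, error) {
	if !IsLoopback(webhookAddr) {
		return nil, nil, errors.New("webhook address must bind to localhost, got " + webhookAddr)
	}
	wh := &http.Server{Addr: webhookAddr, Handler: WebhookMux(), ReadHeaderTimeout: 5 * time.Second}
	ex := &http.Server{Addr: exposedAddr, Handler: ExposedMux(healthy), ReadHeaderTimeout: 5 * time.Second}
	return wh, ex, nil
}

func main() {
	webhookAddr := defaultWebhookAddr
	if v := os.Getenv("WEBHOOK_ADDR"); v != "" { // assumed variable name for this example
		webhookAddr = v
	}
	wh, ex, err := NewServers(webhookAddr, defaultExposedAddr, func() bool { return true })
	if err != nil {
		log.Fatal(err)
	}
	go func() { log.Println(wh.ListenAndServe()) }()
	go func() { log.Println(ex.ListenAndServe()) }()

	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt)
	defer stop()
	<-ctx.Done()
	shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	_ = wh.Shutdown(shutdownCtx)
	_ = ex.Shutdown(shutdownCtx)
}
```

With this layout a liveness or readiness probe targets port 8080, and a misconfigured `WEBHOOK_ADDR=0.0.0.0:8888` fails fast at startup instead of silently exposing the record-mutating API to every pod on the node.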

muhlba91 commented 15 hours ago

Thank you for raising this incompatibility! 🙂

The provider was designed/released before the official helm chart was finished/released. I'll see to getting compatibility w.r.t. the official chart as soon as I get some more time.

Skaronator commented 14 hours ago

Thank you! No problem, I'm using a workaround for now. I’ve been using the provider for a few months already, and it’s been working great. Thank you for your hard work :)