search

trinodb / charts

Apache License 2.0
151 stars 174 forks source link

UncheckedIOException: Failed to bind to /0.0.0.0:8443 when using HTTPS behind an Ingress #147

Open andrey-kondratov opened 7 months ago

andrey-kondratov commented 7 months ago

Summary

Cannot use TLS encryption b/w Ingress controller and the Service.

Steps to reproduce

server:
  config:
    https:
      enabled: true
service: 
  type: ClusterIP
  port: 8443
ingress:
  enabled: true
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS

Expected result

The service created would be mapped to 8443 port of the pods, thus facilitating the TLS encryption between the Ingress controller and the Trino Coordinator Pod.

Actual result

The port 8443 is assigned to http-server.http.port, which makes the process attempt to listen on the port twice, and ends up in an exception:

UncheckedIOException: Failed to bind to /0.0.0.0:8443

andrey-kondratov commented 7 months ago

A workaround is to disable HTTP server:

  coordinatorExtraConfig: |
    http-server.http.enabled=false
  workerExtraConfig: | 
    http-server.http.enabled=false

However, the liveness and readiness probes will still be trying to check containers using HTTP scheme, and there is no parameter in the Helm chart to override it to HTTPS.