Why does it need to use a different port? I’m guessing there isn’t any reason why something else is running on the container at 8443. But potentially there is an application that is unable to be configured with a different port?
Just to speak a bit more here, when exposing an application, should that be decided by the Admin that is deciding how they want those applications to be exposed, rather than the charm deciding the final ingress port. It may be that there should be a default value that can be configured, but it does seem odd to have a default exposure on 8433.
it does seem odd to have a default exposure on 8433
The Service is the exposure point, and the container is the backend which is not expected to be directly accessed. It seems like a fairly common use-case to have the backends running on non-standard, unprivileged ports with a Service or load balancer or what-have-you exposing the official ingress point on a standard, privileged port.
Before K8s, this would have been handled in Juju by some charm representing that ingress point, such as haproxy or kubeapi-load-balancer, and that charm would have some config to allow the admin to control the exposed port while the relation to the backend would allow it to specify its internal port. Now that Juju is managing the Service for K8s applications, it seems like it needs to be able to handle the distinction.
The services under kubernetesResources allows the charm to create extra services.
In this case, we will have 2 services created.
The main service is always mapping from 8443 to 8443.
The extra one maps from 443 to 8443. But you have to provide the address of this service by hand to the other side to use.
This is the current limitation because we don’t model service/ingress etc properly yet.
It’s definitely an important feature but it’s currently not in the roadmap.
Would you fire a bug then the team can prioritise and have a plan for it?
thank you