liqo icon indicating copy to clipboard operation
liqo copied to clipboard

Published 20 hours ago verified publisher icon liqotech

auth.config.portOverride not being used by the service template

Open Fevereiro6 opened this issue 1 year ago • 7 comments

I noticed that the liqo-auth-service.yaml template is not using the auth.config.portOverride annotation, so when I override it, it does nothing. I think this is easily solvable, as it seems an error in the template

Fevereiro6 avatar May 20 '23 02:05 Fevereiro6

Hi @Fevereiro6, I think you misunderstood the meaning of that value. As explained in the documentation, you have to use it only if you are behind a NAT or a proxy.

A typical usage of it is in a scenario where you do not have a load balancer that provides a public IP. In this case, you can expose the auth and gateway services using a NodePort service and a NAT (configuring port-forwarding). This setup allows you to access liqo auth or gateway using the NAT IP but the liqo-auth needs to know which address has to be contacted from outside to reach itself. That's why you need to override it with the helm values.

I hope I have been clear, whether or not you can ask for more details.

cheina97 avatar May 22 '23 13:05 cheina97

@Fevereiro6 Feel free to make you contribution also with respect to the documentation, eg a PR to clarify this point, if you like.

frisso avatar May 22 '23 13:05 frisso

Hi @Fevereiro6, I think you misunderstood the meaning of that value. As explained in the documentation, you have to use it only if you are behind a NAT or a proxy.

A typical usage of it is in a scenario where you do not have a load balancer that provides a public IP. In this case, you can expose the auth and gateway services using a NodePort service and a NAT (configuring port-forwarding). This setup allows you to access liqo auth or gateway using the NAT IP but the liqo-auth needs to know which address has to be contacted from outside to reach itself. That's why you need to override it with the helm values.

I hope I have been clear, whether or not you can ask for more details.

If I only have one public IP and I need to share it across Loadbalancer type services, I would need to override the port of liqo-auth, as the port (443) is the same as my other service. The override value is not used by any field, at least from what I saw.

Fevereiro6 avatar May 22 '23 19:05 Fevereiro6

Other option for my issue would be exposing liqo-auth via ingress which I tried but was not able to do it successfully

Fevereiro6 avatar May 22 '23 19:05 Fevereiro6

@Fevereiro6 I understand your use case. If you want to add settings in our helm chart to set a custom port for our load balancer feel free to do it.

cheina97 avatar May 24 '23 07:05 cheina97

Hi @Fevereiro6 we added this option in #1836

cheina97 avatar May 29 '23 15:05 cheina97

@cheina97 I would keep this issue open for our future reference. I believe that the term we used in values.yaml is misleading; I would suggest to rename that value from addressOverride/portOverride to addressExternal/portExternal, which looks more intuitive to me. @aleoli any thought?

frisso avatar May 30 '23 07:05 frisso