[haproxy-unified-gateway] values controller.service.http(s) missleading behavior

[lrenjic]

The service template generates following spec on install:

# rendered by controller-service.yaml — NodePort type (default)
ports:
  - name: http
    port: 31080
    targetPort: 31080
    nodePort: 31080      # only rendered for NodePort type; omitted for LoadBalancer
  - name: https
    port: 31443
    targetPort: 31443
    nodePort: 31443
  - name: stat
    port: 31024
    targetPort: 31024
    # no nodePort — stat.nodePort defaults to ""

Create Gateway:

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: haproxy-gateway
  namespace: haproxy-unified-gateway
spec:
  gatewayClassName: haproxy
  listeners:
    - name: http
      protocol: HTTP
      port: 31080
      allowedRoutes:
        namespaces:
          from: All

After HUG reconciles (any service type):

ports:
  - name: http-31080     # renamed; port and targetPort set to Gateway listener port
    port: 31080
    targetPort: 31080
    nodePort: 30863      # random — HUG dropped the nodePort field
  - name: stat           # untouched by HUG
    port: 31024
    targetPort: 31024
    nodePort: 30981      # random — expected, stat.nodePort defaults to ""

If service kind is NodePort, Gateway is only accessible via that random nodePort on hosts.

If service kind is LoadBalancer, Gateway is accessible via port set by Gateway listener. Cloud provider LoadBalancer targets that random nodePort.

Having service ports in Helm values is missleading, since HUG deletes them and sets ports on service depending on Gateway resource.

[oktalz]

hi @lrenjic
yes, this look like a bug in HUG, we should reserve existing nodePorts by looking up current port number in svc.Spec.Ports before patching