[helm] Support custom port configuration for internal service (#9846)

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

charts/ingress-nginx/README.md

@@ -406,6 +406,8 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. |
 | controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). |
 | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. |
+| controller.service.internal.ports | object | `{}` | Custom port mapping for internal service |
+| controller.service.internal.targetPorts | object | `{}` | Custom target port mapping for internal service |
 | controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ |
 | controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ |
 | controller.service.labels | object | `{}` |  |

charts/ingress-nginx/ci/deployment-internal-lb-values.yaml

@@ -11,3 +11,9 @@ controller:
       enabled: true
       annotations:
         service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+      ports:
+        http: 443
+        https: 80
+      targetPorts:
+        http: 443
+        https: 80

charts/ingress-nginx/templates/controller-service-internal.yaml

@@ -29,9 +29,9 @@ spec:
   {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
   {{- if .Values.controller.service.enableHttp }}
     - name: http
-      port: {{ .Values.controller.service.ports.http }}
+      port: {{ .Values.controller.service.internal.ports.http | default .Values.controller.service.ports.http }}
       protocol: TCP
-      targetPort: {{ .Values.controller.service.targetPorts.http }}
+      targetPort: {{ .Values.controller.service.internal.targetPorts.http | default .Values.controller.service.targetPorts.http }}
     {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
       appProtocol: http
     {{- end }}
@@ -41,9 +41,9 @@ spec:
   {{- end }}
   {{- if .Values.controller.service.enableHttps }}
     - name: https
-      port: {{ .Values.controller.service.ports.https }}
+      port: {{ .Values.controller.service.internal.ports.https | default .Values.controller.service.ports.https }}
       protocol: TCP
-      targetPort: {{ .Values.controller.service.targetPorts.https }}
+      targetPort: {{ .Values.controller.service.internal.targetPorts.https | default .Values.controller.service.targetPorts.https }}
     {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
       appProtocol: https
     {{- end }}

charts/ingress-nginx/values.yaml

@@ -482,6 +482,17 @@ controller:
       ## providers supporting it
       ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
       # externalTrafficPolicy: ""
+
+      # -- Custom port mapping for internal service
+      ports: {}
+      #  http: 80
+      #  https: 443
+
+      # -- Custom target port mapping for internal service
+      targetPorts: {}
+      #  http: http
+      #  https: https
+
   # shareProcessNamespace enables process namespace sharing within the pod.
   # This can be used for example to signal log rotation using `kill -USR1` from a sidecar.
   shareProcessNamespace: false